Cybersecurity researchers have demonstrated a new class of AI-powered computer worm capable of spreading across Linux, Windows and Internet of Things devices by using stolen computing power to guide its next attacks, intensifying concerns that autonomous malware is moving from theory into working laboratory models.
The proof-of-concept system marks a significant shift from conventional worms, which typically rely on pre-programmed exploit lists and predictable attack paths. The AI-driven worm instead uses large language models to assess each compromised environment, identify weaknesses and generate tailored strategies for further propagation. Its design shows how malware could adapt during an intrusion rather than simply execute a fixed sequence of commands.
The work was carried out by researchers linked to the University of Toronto, the Vector Institute, the CleverHans Lab and the University of Cambridge. The worm was tested in a controlled environment spanning different device types and operating systems, including Linux machines, Windows hosts and IoT equipment. The model did not depend on a commercial AI service, removing the possibility that platform-level safety filters, rate limits or abuse monitoring could halt its activity.
A central concern is the worm’s ability to parasitically use compromised machines for computation. Once it gains access to systems with suitable processing capacity, including GPU resources, it can run open-weight language models locally and use that capacity to reason about the next target. That mechanism changes the cost structure of attack: each new infection can provide both a foothold and additional compute power, allowing the operation to expand without the attacker continuously supplying infrastructure.
The prototype does not indicate that such worms are circulating widely in live criminal campaigns. Its significance lies in demonstrating that autonomous, self-sustaining malware can be built using models and computing resources that are no longer confined to major technology firms. Security teams have long warned that generative AI could accelerate phishing, vulnerability discovery and malware development. This research goes further by showing how AI can be embedded inside the propagation logic itself.
Traditional malware defences are built around known indicators, signatures, static behaviours and patched vulnerabilities. AI-driven worms could challenge that model because their attack paths may vary from one target to another. A worm able to inspect a network, interpret system responses and craft commands dynamically may be harder to contain through measures aimed at a single exploit or malware family. The danger is not only faster compromise, but also unpredictable lateral movement inside mixed enterprise environments.
IoT devices add a further layer of risk. Many connected devices run outdated Linux-based firmware, retain weak default credentials, or receive limited security updates after deployment. Botnets such as Mirai showed how poorly secured routers, cameras and embedded systems can be turned into distributed attack platforms. An AI-powered worm operating across such environments could combine old weaknesses with adaptive decision-making, making unmanaged devices an even more serious liability for enterprises, public agencies and service providers.
The Windows and Linux dimensions are equally important. Corporate networks often contain a blend of desktops, servers, cloud workloads, development systems and edge devices. Attackers already exploit this diversity by moving between identity systems, remote administration tools, exposed services and misconfigured credentials. AI agents could make that movement more efficient by interpreting local context, selecting attack methods and adjusting commands when defences block one route.
The development comes as cybercriminal use of AI becomes more visible. Security firms have identified AI-assisted phishing, malware code generation, deepfake-enabled fraud and experimental ransomware using locally run models. Some campaigns have used poisoned search results and AI-generated recommendations to distribute GPU-mining malware. The new worm research suggests the next stage may involve malware that does not merely use AI during development, but carries AI capability as part of its operational design.
Defenders are expected to respond by tightening controls around privileged access, GPU workloads, internal network segmentation and model execution environments. Monitoring systems will need to watch not only for known malicious files, but also for abnormal reasoning-like behaviour, unusual local model execution, unexpected GPU utilisation, unauthorised script generation and machine-to-machine probing across network segments.
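As an added example (not code from the researchers or from this article), the Python below correlates three of the signals listed above per host: GPU use by an unapproved process, model weight files opened by an unapproved process, and fan-out to many internal peers. The thresholds, allowlist, file extensions, field names and sample telemetry are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumptions for this example (not from the article): weight-file extensions,
# thresholds, and the allowlist of processes approved to run GPU/model workloads.
MODEL_EXTS = (".gguf", ".safetensors", ".pt")
APPROVED_GPU_PROCS = {"train_job", "render_farm"}
GPU_UTIL_THRESHOLD = 50   # percent GPU utilisation
FANOUT_THRESHOLD = 10     # distinct internal peers contacted in the sample window

@dataclass
class ProcSample:
    host: str
    proc: str
    gpu_util: int
    open_files: list
    internal_peers: set = field(default_factory=set)

def signals(s):
    """Return which of the three monitored signals this process sample trips."""
    hits = []
    approved = s.proc in APPROVED_GPU_PROCS
    if s.gpu_util >= GPU_UTIL_THRESHOLD and not approved:
        hits.append("unexpected_gpu_use")
    if not approved and any(f.lower().endswith(MODEL_EXTS) for f in s.open_files):
        hits.append("local_model_execution")
    if len(s.internal_peers) >= FANOUT_THRESHOLD:
        hits.append("internal_probing")
    return hits

def triage(samples):
    """Aggregate signals per host; escalate when two or more distinct signals co-occur."""
    per_host = {}
    for s in samples:
        per_host.setdefault(s.host, set()).update(signals(s))
    return {h: ("escalate" if len(sig) >= 2 else "watch" if sig else "ok", sorted(sig))
            for h, sig in per_host.items()}

# Constructed sample telemetry (hostnames, processes and paths are made up).
SAMPLES = [
    ProcSample("gpu-01", "train_job", 95, ["/data/model.safetensors"]),
    ProcSample("ws-17", "svchelper", 88, ["C:\\Temp\\m.gguf"],
               {f"10.0.0.{i}" for i in range(1, 15)}),
    ProcSample("cam-03", "httpd", 0, ["/etc/passwd"],
               {f"10.0.1.{i}" for i in range(1, 12)}),
    ProcSample("dev-02", "python", 5, ["/home/a/notes.txt"], {"10.0.0.5"}),
]

if __name__ == "__main__":
    for host, (verdict, sig) in triage(SAMPLES).items():
        print(host, verdict, sig)
```

Requiring two co-occurring signals before escalation keeps an approved training node or a single noisy scanner from paging on its own, while a host that shows model loading, GPU load and internal fan-out together is surfaced immediately.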