AI-Powered Worm Hits 20 Hosts in a Week, Researchers Warn Crypto Networks Could Be Next 🐛

Researchers from the University of Toronto, the Vector Institute, the University of Cambridge, and ServiceNow have demonstrated a proof-of-concept AI-powered computer worm that identifies vulnerabilities, generates tailored attack strategies, and spreads autonomously across networks without human operators. The study, published this week, describes a self-replicating malware system that uses a large language model to reason about each target it encounters and adapt its tactics in real time rather than relying on fixed exploit code. "We must prepare for autonomous generative adversaries," the researchers wrote. "Malware systems that propagate without human operators and are defined not by fixed exploit code, but by the capacity to reason about targets, adapt to observations, and synthesize attack logic in real time."

The team tested the worm in an isolated virtual network containing 33 Linux, Windows, and IoT systems seeded with common vulnerabilities. Across 15 experiments, the worm identified an average of 31.3 vulnerabilities, successfully compromised 23.1 hosts, and spread to roughly 20 machines during seven days of autonomous operation. In some tests, the malware reached seven generations of self-replication. Unlike earlier worms such as ILOVEYOU in 2000, WannaCry in 2017, and the more recent Shai-Hulud strain that infected software used by companies including OpenAI and Mistral, the new prototype was not limited to a predetermined set of exploits. "Traditional worms, like WannaCry, exploited predetermined vulnerabilities, and their spread can be halted by patching those vulnerabilities," the authors wrote. "Here we show that artificial intelligence agents enable a fundamentally new threat: a worm that generates tailored attack strategies to each target it encounters."

A key difference from many existing AI applications is that the worm does not require access to cloud services from providers such as AWS, Microsoft Azure, or Google Cloud. The malware runs AI models directly on compromised machines, turning each infected system into part of its own computing infrastructure as it spreads. The researchers also found the system could incorporate information published after its model's training cutoff by ingesting newly disclosed security advisories at runtime, allowing it to exploit vulnerabilities that were not part of its original training data.

The release comes as cryptocurrency operators continue to face self-propagating malware targeting software supply chains and exposed nodes, and as on-chain analysts track the use of AI-assisted tools by attackers. The paper does not single out any blockchain protocol or digital asset, including $BTC or $ETH, but its authors warn that any internet-connected system running unpatched software or hosting autonomous agents could fall within the worm's reach.

The study was released alongside advisories from cybersecurity firms urging institutions, including digital-asset custodians and node operators, to segment networks, monitor for unusual lateral movement, and audit any deployment of autonomous AI agents with outbound network access. The researchers said the proof of concept was conducted entirely in an isolated lab environment and that no real-world deployment has been observed.