A team of researchers has built the world's first self-sustaining AI-powered computer worm — and it does not need human help to spread. The worm learns as it moves from device to device, tailoring its attack strategy to each target it finds.
The research was published as a preprint by scientists from the University of Toronto, the University of Cambridge, and affiliated institutions. The paper is available on arXiv. The worm was built inside an isolated virtual network and will not escape into the wild. But the researchers say it proves something the world has been reluctant to accept: self-replicating AI threats are no longer theoretical.
What Makes This Worm Different
Traditional worms exploit a single known vulnerability. The WannaCry attack of 2017 hit over 150 countries but was neutralised after one security flaw was patched. The new AI-powered worm operates differently.
It probes each device it lands on individually. It detects unique weaknesses in that specific machine. Then it crafts an attack strategy tailored to what it finds. David Lie, a professor at the University of Toronto who reviewed the research, put it plainly: "Because this is AI-powered, it can learn."
The test network included Linux, Windows, and IoT devices with common corporate vulnerabilities, such as reused passwords. The experimental network was half-compromised within roughly five days. That timeline will shrink as devices get faster at running AI models locally.
A Free Model Anyone Can Download
The researchers did not use closed proprietary AI from Anthropic or OpenAI. They used a freely available open-source model that anyone can download today. That detail matters more than it first appears.
The barrier to building something like this is nearly zero. No API access. No corporate approval. No cost beyond electricity and time. The threat landscape shifts entirely when the entry cost is zero.
The researchers warned that modern smartphones and laptops built to support AI inference become fuel for the worm's propagation. As they wrote: "Every machine connected to the internet is a potential target — if not for the data it holds, then as a launching pad for the next attack."
Dual-Use: The Same AI Can Defend
The technology cuts both ways. The same AI capabilities that let a worm learn to attack can be pointed at defence. AI tools can scan networks, find vulnerabilities before attackers do, and respond faster than any human security team.
Anthropic acknowledged this tension earlier this year when it announced Mythos, an advanced AI model it is sharing with a small group of early testers through a programme called Project Glasswing. The goal is to give defenders time to understand and counter the threat before it spreads beyond controlled testing.
OpenAI followed with its own cybersecurity-focused model. Both companies are moving cautiously. The University of Toronto team did the same, omitting key technical details from their published paper to avoid handing bad actors a blueprint.
"We shared enough information to make the threat credible enough for scientific scrutiny without providing a blueprint that would enable misuse," they wrote.



