AI-powered worms could become cybersecurity’s next nightmare, experts warn

Cybersecurity experts have raised alarms over a new threat: AI-powered worms that could exploit vulnerabilities in interconnected systems, spreading autonomously across devices. Researchers from the University of Toronto demonstrated how publicly available AI chatbots, including ChatGPT, could fuel these worms by using compromised machines to run large language models (LLMs) for further attacks. The study, posted on arXiv, found that such worms could target networks of Linux, Windows, and IoT devices—including printers, laptops, and cameras—by leveraging real-world corporate network weaknesses. The findings underscore a critical shift in cyber threats, where AI-driven worms could outpace traditional defenses. Nicolas Papernot, a lead researcher, emphasized the need for proactive security measures, noting that hackers now face nearly zero cost to launch widespread attacks once a worm is deployed. Current cybersecurity models may struggle to prevent these attacks, given the vast number of device vulnerabilities. Papernot warned that even small, open-source AI models could be repurposed to create such threats, making containment increasingly difficult. The study’s simulations revealed that AI worms could infiltrate modern infrastructure, including water, energy, banking, and healthcare systems, all of which rely on networked computers. Experts urge policymakers, industry leaders, and researchers to develop innovative defense strategies to mitigate this evolving risk. Papernot stressed the importance of regular software updates, urging users to close potential entry points by applying patches promptly. The research signals a urgent need for collaboration to safeguard digital ecosystems against this emerging AI-driven cyber threat.