University of Toronto Develops AI-Powered Worm That Exploits Known Network Vulnerabilities

Researchers at the University of Toronto have built a prototype of an AI-powered computer worm that can autonomously exploit any known software vulnerability and spread across networks without human intervention, testing it in a secure isolated environment disconnected from the public internet ^{[1, 2, 3]}. The worm adapts its attack methods as it infects devices, tailoring exploits to diverse platforms, including Linux, Windows, and Internet of Things devices ^{[2, 3]}.

The worm uses processing power from infected machines to improve its reasoning and optimize future attacks, making it more effective over time ^[3]. The AI models powering the worm are open source or openly accessible online, meaning usage restrictions are difficult to enforce ^{[1, 3]}.

The researchers have redacted sensitive details in their published paper to prevent misuse. They also shared their findings ahead of publication with relevant cybersecurity and government organizations ^{[1, 2]}. Nicolas Papernot, the lead researcher, said, "You have to have a perfectly secure system to defend against this – and we know that is not currently feasible" ^[1]. He added it was "imperative... to understand this threat in a controlled, academic setting before bad actors figured it out for themselves" ^[2].

Unlike more advanced systems such as Anthropic’s Mythos AI, which can detect unknown vulnerabilities, the University of Toronto worm prototype can only exploit known flaws ^{[1, 3]}. Anthropic released Mythos AI in April 2026 with access limited to about 40 trusted organizations. The AI has identified over 10,000 vulnerabilities, with some clients like Cloudflare reporting 2,000 findings and 400 high or critical ones ^{[1, 3]}. OpenAI also restricted its release of similar AI cybersecurity technologies to partner groups ^[1].

Papernot noted that while hackers previously had to prioritize high-value targets due to time and computing limitations, "once a worm is launched, the cost would drop to nearly zero" ^[3].

The University of Toronto team published their paper publicly on June 2, 2026 ^{[1, 2]}.