Technology

Researchers warn AI-powered worms could spread across online devices

AI models can now help a worm change tactics as it moves from one device to another, turning ordinary laptops, printers and cameras into a new attack path.

Lisa Park··2 min read
Published
Listen to this article0:00 min
Researchers warn AI-powered worms could spread across online devices
Source: utoronto.ca

Researchers at the University of Toronto are warning that the next wave of cyberattacks may not hinge on the biggest AI systems, but on small, freely available models that can help a worm think as it spreads. Nicolas Papernot and collaborators said publicly accessible, open-weight AI models can be used to power malware that adapts its strategy from one device to the next, a shift they described as a fundamental new threat.

The team’s work, published June 2, 2026, was tested in a secure closed digital lab rather than on the public internet. Their proof-of-concept prototype ran in a simulated network of dozens of interconnected devices, including laptops, printers and cameras, to show how an AI-enabled worm could move through a realistic environment without restraint. The researchers said they built the system to help the cybersecurity community prepare for an imminent threat, not to create a deployable weapon.

AI-generated illustration
AI-generated illustration

What makes the idea different from older worms is flexibility. Traditional malware such as WannaCry relied on predetermined vulnerabilities and followed a fixed playbook. The AI-enabled version can tailor attack strategies to each target it encounters, looking for multiple weaknesses on the same machine, including known vulnerabilities and simple misconfigurations such as reused passwords. The researchers said infected machines could even be used to run the AI model itself, letting the worm sustain its reasoning and extend its reach while lowering the cost of sophisticated attacks for criminals.

Papernot said the danger is not confined to the most powerful AI systems. He said small free models, running on a single GPU, may be enough to create a self-spreading threat that can identify each machine’s unique weak points. That raises the stakes for hospitals, financial systems and the networks behind essential services, where one weak device can become a bridge into a larger operation.

The warning lands at a moment when AI hype often centers on productivity tools and chatbots, but the practical risk is more ordinary and more immediate: connected devices with old software, weak passwords and poor segmentation. For consumers, companies and government agencies, the lesson is blunt. The machines already on the network, from cameras to printers to laptops, are becoming the attack surface, and current defenses are not yet ready for worms that can learn as they move.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Technology