Overview
- University of Toronto researchers published a preprint and reported that their prototype worm spread across an isolated test network with no human intervention after their paper was posted on June 2.
- The worm uses open-weight large language models embedded on infected hosts to reason about each target and generate bespoke exploit code rather than relying on fixed, prewritten payloads.
- The experiment showed the prototype could operate across Windows, Linux and low-power IoT devices and use compromised machines' processing to run the model, which makes a single software patch insufficient to stop it.
- Authors ran the test in a walled-off lab and redacted technical details from the paper to avoid serving as an attack blueprint, while industry voices urged faster patching and broader vetted access to defensive AI tools such as Anthropic's expanded Mythos program.
- Security experts warn the finding raises serious concern because attackers could face near-zero marginal cost if they use stolen compute, but some practitioners note lab demos often overstate real-world effectiveness due to errors, resource limits and network complexity.