AI worm research from the University of Toronto shows how agentic AI could make old-school malware much more adaptive.
The team built a prototype worm in a secure digital lab. It used publicly accessible AI models to reason through attacks, adapt to different machines, and spread without a human steering each step.
That is the scary part. Traditional worms usually rely on one known flaw. Patch that flaw quickly enough, and defenders can slow the spread. The researchers argue an AI-driven worm could examine each new target, choose a strategy, and use compromised machines as additional infrastructure for the next move.

What the researchers actually showed
The University of Toronto story says the work was designed to help defenders prepare, not to release a ready-made attack. The full CleverHans Lab research page describes an adaptive computer worm that can use reasoning, memory and tool access while moving across a mixed network.
The researchers also posted a preprint on arXiv. Their warning is not that every chatbot is suddenly malware. It is that cheap, available models can already support enough planning to change the economics of cyberattacks.

Why this matters for normal devices
U of T says the risk could extend beyond laptops and servers to cameras, printers, smart thermostats and other internet-connected devices. Some devices are valuable because they hold data. Others are valuable because they become a foothold.
That makes patching and basic security hygiene more important, not less. Weak passwords, forgotten devices and slow updates give automated attacks more room to work. Tech My Money has also covered how platform makers are pushing more safety into everyday tech, including Android fake call detection. The same trend applies here: more AI power means defenders need better automation too.
The researchers did not say users should panic. The better takeaway is that AI security is moving from theoretical model behavior into real network-defense planning. If the warning is early enough, defenders still have time to harden the boring stuff before attackers automate it.