Researchers in Toronto have built a malware prototype that learns on the fly, turning compromised devices into engines for its own spread. Using an open-weight model and tested in a sandbox, the worm hops across laptops, printers, and cameras, slipping past weak passwords to grab data and replicate. Unlike smash-and-grab outbreaks like WannaCry, it offloads the work to victims’ compute, making scale cheap even for small operators. It is slower today due to AI inference overhead, but as models speed up, the pressure mounts on IT teams and policymakers to lock down every node before this approach goes mainstream.

A new breed of AI-driven malware emerges

Cyber researchers are warning that the next wave of attacks may not just be faster, but smarter. A team at the University of Toronto has built a prototype AI-driven worm that adapts to its surroundings in real time and feeds off the computing power of devices it compromises. Unlike WannaCry in 2017, which exploited a single flaw at scale, this prototype learns and pivots as it moves.

How this AI worm operates

The core is an open-weight model, meaning the model’s parameters are available for editing and tuning. In controlled tests, the researchers linked dozens of everyday endpoints, then watched the worm spread across laptops, printers, and cameras. It did more than replicate. It scraped credentials, probed weak configurations, and chained small missteps like poor password hygiene into deeper access.

Low-cost, high-impact threat

As the worm spreads, it steals compute from each device to plan and execute the next move. That creates a disturbing multiplier: the victim network funds the attack. Nicolas Papernot, who leads the CleverHans Lab at Toronto, cautions that this approach could make broad assaults cheap and persistent. Today, execution is slower because the malware relies on AI inference. Hardware and model gains could erase that speed gap quickly.

What this means for cybersecurity

The researchers say the prototype infected roughly half the test network in about 5 days, which buys defenders some time but not much. The bigger shift is strategic. Patch one flaw and the worm can pivot to misconfigurations, weak passwords, or stale devices at the edge. That turns every unmanaged printer, camera, or router into a potential staging area.

Preparing for AI-shaped attacks

The practical moves are clear. Lock down all internet-connected devices, rotate and harden credentials, and segment networks so a single foothold does not become a freeway. Monitor outbound traffic, not just inbound scans. Boards should ask security leaders how they would detect AI-driven lateral movement, and how quickly incident response can quarantine compromised compute before it funds the next hop. The costs of waiting are rising by the day.