A new AI-powered computer worm could prove to be the stuff of cybersecurity nightmares

Cybersecurity researchers at the University of Toronto have demonstrated something that security experts have been dreading: an AI-powered computer worm that can autonomously find and exploit vulnerabilities without human intervention, without pre-programmed exploits, and without stopping at a single bug.
In a paper published Tuesday titled "AI Agents Enable Adaptive Computer Worms," the researchers describe a worm built using open-weight large language models that achieved a terrifying success rate in testing. Deployed on a simulated 33-machine corporate network, the worm broke into nearly three-quarters of all machines within one week — with zero human involvement.
The fundamental shift is this: traditional computer worms exploit a single known vulnerability. Patch that vulnerability, and the worm stops spreading. That's why WannaCry in 2017 and Heartbleed in 2014, while devastating, were ultimately containable. Each relied on one specific flaw. But the Toronto researchers' worm doesn't need to know about a vulnerability in advance. It uses AI to reason about target systems, identify weaknesses, and generate tailored attack strategies on the fly.
Even more concerning: the worm can read publicly available vulnerability advisories in real time — the same advisories that security teams use to prioritize patching — and figure out how to exploit those new flaws before most organizations have had time to deploy fixes. In other words, it's learning from the same intelligence feed that defenders rely on, and acting on it faster.
The paper arrives at an already nervous moment for the cybersecurity industry. Anthropic's recently launched Mythos model, deployed to critical infrastructure companies through Project Glasswing, revealed just how many unpatched vulnerabilities exist across corporate networks. Now the Toronto team is showing what happens when autonomous AI can find and exploit those vulnerabilities without a human attacker pulling the strings.
Gary McGraw, CEO of the Berryville Institute of Machine Learning and a longtime voice in software security, called the research "bigger than Mythos." The key distinction, he explained, is that previous AI security demonstrations used powerful closed models in controlled settings. This worm uses open-weight models — smaller, widely available AI systems — and still achieves devastating results. "This shows what happens when a generic model that's open weights can be targeted, and it just sort of grinds relentlessly, looking for bugs," McGraw told Fortune.
Ari Herbert-Voss, CEO of RunSybil and formerly OpenAI's first security hire, offered a blunt assessment: "Organizations that continue to patch on human timelines will increasingly find themselves behind the curve." When worms can operate at machine speed, defenders who operate at human speed — reviewing advisories, testing patches, scheduling downtime, deploying fixes across thousands of machines — are structurally disadvantaged.
Not everyone is ready to hit the panic button. Jamieson O'Reilly, an offensive security specialist and founder of Dvuln, noted that the worm was tested in a controlled environment against intentionally vulnerable targets. Real corporate networks have defensive controls, monitoring systems, authentication barriers, and operational friction that could slow or stop autonomous spread. He also pointed out that AI-powered worms using local models need to move large model files between machines, creating unusual network traffic that security teams could detect.
But O'Reilly acknowledged the trajectory: "AI is steadily reducing the expertise required to build autonomous offensive capabilities." As models get smaller and more capable, that detection advantage erodes.
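The detection angle O'Reilly raises, a worm carrying a local open-weight model has to copy multi-gigabyte weight files from host to host, can be turned into a simple heuristic over network flow records. The block below is an added example, not code from the article or from the Toronto researchers; the flow records, the internal address ranges, the 2 GiB threshold and the "two or more peers" rule are all constructed assumptions.

```python
# Added example (not from the Fortune article or the Toronto paper): a
# defender-side heuristic for the signal O'Reilly describes, namely that a
# worm running a local open-weight model must copy multi-gigabyte model
# files between internal hosts. Flow records and thresholds are constructed.
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal ranges for the monitored network.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumed threshold: one internal-to-internal flow above 2 GiB is unusual
# for ordinary workstation traffic; tune to the environment's baseline.
LARGE_FLOW_BYTES = 2 * 1024 ** 3

# Constructed flow records: (timestamp, src, dst, dst_port, bytes).
SAMPLE_FLOWS = [
    ("2025-01-10T02:13:04Z", "10.1.4.22", "10.1.4.23", 445, 3_900_000_000),
    ("2025-01-10T02:20:51Z", "10.1.4.22", "10.1.4.24", 22, 3_900_000_000),
    ("2025-01-10T09:02:11Z", "10.1.4.22", "10.1.9.9", 443, 120_000),
    ("2025-01-10T09:05:00Z", "10.1.4.23", "93.184.216.34", 443, 5_000_000_000),
    ("2025-01-10T10:41:37Z", "10.1.4.23", "10.1.4.25", 445, 4_100_000_000),
]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def flag_lateral_bulk_copies(flows, threshold=LARGE_FLOW_BYTES):
    """Return {src: [dst, ...]} for hosts that pushed oversized flows to
    other internal hosts. Internet-bound bulk uploads (backups, cloud sync)
    are deliberately excluded to cut false positives."""
    hits = defaultdict(list)
    for _, src, dst, _, nbytes in flows:
        if nbytes >= threshold and is_internal(src) and is_internal(dst):
            hits[src].append(dst)
    return dict(hits)

def spreading_hosts(flows, min_targets=2):
    """Hosts that bulk-copied to several peers look like a propagating node
    rather than a one-off file transfer; these deserve first triage."""
    hits = flag_lateral_bulk_copies(flows)
    return sorted(src for src, dsts in hits.items() if len(dsts) >= min_targets)

if __name__ == "__main__":
    for src, dsts in flag_lateral_bulk_copies(SAMPLE_FLOWS).items():
        print(f"{src} -> {', '.join(dsts)}")
    print("possible propagation from:", spreading_hosts(SAMPLE_FLOWS))
```

The same heuristic applies to any flow source (NetFlow, Zeek conn logs, cloud VPC flow logs) once the records are mapped to the five-field shape used here.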
McGraw's prescription was characteristically direct: "Fix your damn software." He pointed to the Mythos project as a model — companies spending millions to find and fix bugs before attackers can exploit them. The problem, as Herbert-Voss countered, is that most organizations already have more vulnerabilities than they can address. The challenge isn't knowing what's broken; it's knowing which broken things actually matter to an attacker who can now test all of them simultaneously.
What This Means For You: If you work in cybersecurity, this research should accelerate your organization's move toward automated patching and AI-assisted threat detection. Human-speed defense against machine-speed attack is a losing proposition. If you're a small business owner without dedicated IT security, now is the time to invest in managed security services — the threat landscape is shifting toward autonomous attacks that don't require skilled human operators. If you're a software developer, the bar for secure code just went up again; every unpatched vulnerability is now exploitable by machines that never sleep. And if you're an investor, companies in the cybersecurity space — particularly those focused on automated vulnerability management and AI-powered defense — are in a structurally growing market that this research will only expand.
Editorial Team
Originally sourced from Fortune