Researchers Demonstrate Adaptive AI-Powered Computer Worm Threat

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Researchers from the University of Toronto, Vector Institute, and University of Cambridge have developed a proof-of-concept AI-driven computer worm using large language models. The worm autonomously adapts its attack strategies, posing a significant cybersecurity risk if deployed, though tests were limited to controlled environments with no real-world harm reported.[AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly involves an AI system—an AI-powered worm using large language models to autonomously generate attack strategies and adapt to targets. The event stems from the AI system's development and testing, demonstrating its capabilities. Although no actual incident of harm has occurred, the described AI system could plausibly lead to significant harm such as disruption of critical infrastructure and widespread cyberattacks. The researchers themselves acknowledge the dual-use risk and the need for coordinated mitigation efforts. Since harm is not yet realized but the threat is credible and significant, the event fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.[AI generated]
AI principles
Robustness & digital securitySafety

Industries
Digital securityIT infrastructure and hosting

Affected stakeholders
BusinessGeneral public

Harm types
Economic/PropertyPublic interest

Severity
AI hazard

AI system task:
Reasoning with knowledge structures/planningContent generation


Articles about this incident or hazard