CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 05, 2026

Adaptive, Agentic AI Worms Loom as Next Enterprise Threat

Dark Reading Archived Jun 05, 2026 ✓ Full text saved

AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.

Full text archived locally
✦ AI Summary · Claude Sonnet


    CYBER RISK APPLICATION SECURITY CYBERSECURITY OPERATIONS VULNERABILITIES & THREATS NEWS Adaptive, Agentic AI Worms Loom as Next Enterprise Threat AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. Robert Lemos,Contributing Writer June 5, 2026 6 Min Read A MAP OF AN AI WORM'S SPREAD. SOURCE: UNIVERSITY OF TORONTO The hunt is on to find protections against the coming generation of adaptive AI worm malware, to head off a global incident on the scale of other famous worm events, such as NotPetya, Stuxnet, MSBlast, or the SQL Slammer worm. AI adaptive worms will be autonomous agents that rapidly self-propagate by searching for zero-day bugs, known but unpatched software flaws, and unprotected secrets — and they will be able to do this across multiple environments, morphing dynamically as they go.  To get ahead of this evolution, AI/machine learning (ML) security researchers at the University of Toronto, the Canadian AI incubator Vector Institute, enterprise-software firm ServiceNow, and the University of Cambridge created a proof-of-concept (PoC) agentic AI worm that spreads by adapting to each new environment, searching for vulnerabilities, and creating programs to exploit the systems. And over at cybersecurity firm BeyondTrust, researchers there are also creating and testing the capabilities of an AI worm. The goal is similar to virologists' "gain of function" research, which creates pathogens to study how to protect the world against potential pandemics. Related:Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs Agentic, adaptive AI worms haven't yet reared their heads in the wild, but Kinnaird McQuade, chief security architect at BeyondTrust, expects such an event in six months to a year, he told attendees at the fwd:cloudsec North America Conference this week. "I personally believe that an AI powered worm attack is imminent," he said. "I think it's going to target developers and engineers ... who have broad access, and will pivot through clouds, and I think many companies will not recover." Attackers have already started combining self-propagation capabilities, which are historically what defines a "worm," with malicious AI tools to attack developers and software supply chains. Last September, cybersecurity firms warned that a worm, Shai-hulud, started squirming its way through Node Package Manager (npm) repositories, stealing developer credentials and secrets in order to infect new packages. The next month, researchers discovered the GlassWorm attack, which utilizes VS Code extensions to compromise developer machines. Other malware operators have started using large language models (LLMs) to improve obfuscation during attack execution, although most attackers use LLMs to help code malware, not as a runtime capability. An Old Cyber Threat With a New AI Spin AI worms are the next step, and not necessarily a new idea. These types of AI-powered digital programs have shown up in fiction: Daniel Suarez's Daemon (2006) had an AI that spread through systems, while Daniel H. Wilson's AI in Robopocalypse (2011) escaped digital containment and then spread to devices. Related:Cyber Insurance Rates Are Dropping, but Exclusions Widen The real-world PoC AI agents are more modest: they replace "fixed exploitation code with goal-directed reasoning that adapts to the vulnerabilities of each target in real time," the University of Toronto researchers stated on their site. The agents spread across a network by jumping from device to device, adapting to its current environment, stealing secrets, and finding vulnerabilities by using the systems' own resources against them. "Traditional worms can be stopped by patching the specific vulnerability they exploit," the researchers wrote. "Our adaptive worm cannot be stopped this way: it uses a recursive reasoning loop to detect and exploit diverse vulnerabilities as it propagates."   Source: "AI Agents Enable Adaptive Computer Worms," University of Toronto, et al. The worm only uses small, free AI models to drive its decision-making and reasoning capabilities, the researchers stated. The AI agent autonomously identifies vulnerabilities and sensitive information on each machine, and then uses those weaknesses to spread. This is the evolutionary process at work, says Gary McGraw, founder of the Berryville Institute of Machine Learning (BIML). If regular worms are "viruses with wings," AI worms are "viruses with wings and brains," he says. Related:FBI-Flagged Phishing Kit Kali365 Expands Its Reach The problem is that despite three decades of trying to deal with software vulnerabilities, most businesses will be faced with insurmountable patching issues. Even with vulnerability-finding technologies, and the purported power of Anthropic's Mythos, it will be tough to significantly reduce the attack surface given all the software that's out there, McGraw says. "There are two dimensions in vulnerability management," he says. "We are going to be building better software, and driving down some of our technical debt, but we're also going to be building more software than ever." AI Worms Approach: A Deadline for Stronger Security Researcher work on adaptive AI worms could itself be the catalyst for malicious development, or at least a harbinger. In August 2002, a paper by a trio of researchers, "How to 0wn the Internet in Your Spare Time," discussed using lists of vulnerable servers as a preset to speed worm propagation — a so-called "flash worm." Five months later just such a worm arrived, as the SQL Slammer worm spread across the Internet, infecting 90% of its hosts in less than 10 minutes. There are technical hurdles for any would-be attackers, however. While cryptojacking shows that attackers can hijack processors and memory without the victim necessarily noticing, an AI worm would be an order of magnitude more obvious, says August Moore of senior AI and security engineer at 7AI, an AI-cybersecurity firm. "[I]t's much easier to stay hidden on systems where no one is looking," he says, while a model running on a typical system will be much more detectable: "Tens of gigabytes resident in VRAM and an ML [machine-learning] runtime on a host with no reason to run inference won't fade easily into background noise." Stop the Worms Before They Start Making enterprise networks resilient to AI worms will take hardening and visibility, McQuade tells Dark Reading. Least privilege is a critical approach for weathering an AI worm attack — companies should look to get more endpoint and cloud telemetry, and start setting up auto-remediation actions. "It's about stopping [an attack] before it starts, and taking action immediately when you notice those signals, and being able to understand that broader blast radius," he said. "The worm loved when it found over-privileged roles, human access to production environments, and secrets sprawl. We have to deal with this at a scale like we haven't seen before, and the barrier to creating AI-powered worms is low." The University of Toronto researchers also focused on detection, reducing the attack surface, and limiting propagation as the best approaches for defenders. The good news is that the basics are still effective. "Zero-trust architectures limit lateral movement after a foothold is established, by requiring continuous authentication for every access request," they said in an FAQ accompanying their research. "Network micro-segmentation constrains the set of hosts reachable from any single compromised machine. Our test environment represented a worst-case flat network — even basic segmentation would substantially limit the worm's reach." About the Author Robert Lemos Contributing Writer Rob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity.  A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five awards for journalism, including Best Deadline Journalism (Online) in 2003 for his coverage of the Blaster worm. Rob also analyzes data on various trends using Python and R for both his reporting and his clients. Recent reports include analyses of the shortage in cybersecurity workers, annual vulnerability trends, and annual threat reports. Rob holds degrees from Cornell University in Electrical Engineering and Computer Science (double major). Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Cybersecurity for Resource-Constrained Organizations More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Editor's Choice CYBERSECURITY OPERATIONS 20 Leaders Who Built the CISO Era: 2 Decades of Change byDark Reading Editorial Team MAY 12, 2026 41 MIN READ APPLICATION SECURITY It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight byJai Vijayan MAY 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Instructure Breach Exposes Schools' Vendor Dependence byAlexander Culafi MAY 6, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed TUESDAY, JUNE 23, 2026 1:00 PM EDT Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack THURS, JUNE 25, 2026, AT 1PM EST Defending in the Shadow Era: When the CVE Feed Goes Dark TUES, JUNE 16, 2026 AT 1PM EST Building SecOps That Make the Most of Every Dollar THURS, JULY 9, 2026 AT 1PM EST AI-Powered Cybersecurity for Resource-Constrained Organizations THURS, JUNE 18, 2026, AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass. GET YOUR PASS
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    Jun 05, 2026
    Archived
    Jun 05, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗