Adaptive, agentic AI worms loom as next enterprise threat

The hunt is on to find protections against the coming generation of adaptive AI worm malware in order to head off a global incident on the scale of other famous worm events, such as NotPetya, Stuxnet, MSBlast or the SQL Slammer worm.

AI adaptive worms will be autonomous agents that rapidly self-propagate by searching for zero-day bugs, known but unpatched software flaws, and unprotected secrets — and they will be able to do this across multiple environments, morphing dynamically as they go. 

To get ahead of this evolution, AI/machine learning (ML) security researchers at the University of Toronto, the Canadian AI incubator Vector Institute, enterprise-software firm ServiceNow and the University of Cambridge created a proof-of-concept (PoC) agentic AI worm that spreads by adapting to each new environment, searching for vulnerabilities and creating programs to exploit the systems. And over at cybersecurity firm BeyondTrust, researchers there are also creating and testing the capabilities of an AI worm. The goal is similar to virologists’ “gain of function” research, which creates pathogens to study how to protect the world against potential pandemics.

Read more at Dark Reading