Researchers at the University of Toronto uncovered a new cyberthreat that they claim "the world is not ready to face" in the form of a computer worm — a type of malware (malicious software) that spreads between devices rapidly.
Unlike its predecessors, this smart AI worm can autonomously adapt, reason, and make tactical decisions as it infects home devices and moves through the connected network, offering a stark glimpse into the future of digital security, according to the study.
A top Ontario cybersecurity expert told Metroland Media, while there is no need to panic, this threat shouldn't be ignored either. He shares what this means for end users and practical advice to protect against advanced threats like this.
U of T researchers uncover AI computer worm
U of T researchers say the new threat can be created using free, downloadable AI tools.
In a study shared this week, researchers were able to build an AI-enabled computer worm, proving that smaller, open AI tools can be used to create serious threats with widespread impact.
Researchers said the new worm can "autonomously identify a machine's weak points" and exploit the vulnerabilities to hijack devices like laptops, cameras, routers, smart TVs, and every device connected online.
A worm is a type of malware that can multiply, quickly spread from one device to another and travel through the network to wreak more havoc.
How is this AI worm different from other computer worms?
Ontario cybersecurity expert Ali Dehghantanha, Canada research chair in cybersecurity and threat intelligence and professor of cybersecurity at the University of Guelph, said while traditional worms follow pre-set instructions, the new AI-enabled worm can adapt and reason.
He explained that the new worm can possibly adapt its next step, reason about available options, and interpret what it finds inside the device. So instead of only following fixed instructions, the new worm can potentially make tactical decisions as it moves through people's devices and networks.
For example, it could potentially decide which device weakness to try, which credential to use to infiltrate a barrier, or which device to target next.
Is this AI worm already being used by hackers to attack people's devices?
While hackers are currently using AI mostly to support phishing campaigns and research into weaknesses they can exploit, Dehghantanha believes the U of T research points toward the next phase of threats — malware that does not simply follow instructions but makes tactical decisions.
"We should assume that serious actors are (already) experimenting with these ideas," he said.
While he says there is no need to panic, he believes this is an early warning about what could come, which means it should not be ignored either.
How to protect your devices
Even against advanced threats, Dehghantanha believes, users can protect themselves with simple and practical steps that starts with "closing the obvious doors."
These steps include:
- Keep devices and routers regularly updated with the latest updates and patches
- Use strong unique passwords and don't reuse passwords
- Enable multifactor authentication wherever possible
- Remove unused apps and services from your devices
- Change the default passwords on cameras, routers, printers, smart TVs and other smart home devices,
- Be careful about downloading software from links produced by search engines or AI chatbots
Protect all connected devices
Laptops, servers, routers, printers, cameras, industrial systems, and smart home devices all become part of the battlefield, he said.
"The more connected society becomes, the more one weak device can become the doorway into something much larger," he said.
"The right response is not fear; it is discipline, resilience, and faster modernization of our defences."
