AI-powered worms could become cybersecurity’s next nightmare, experts warn

With the rapid evolution of artificial intelligence, the cybersecurity landscape is facing unprecedented AI-powered cyber threats.

Cybersecurity experts have warned about the new class of cyber threat emanating from computer worms that operate in association with AI chatbots, such as ChatGPT.

According to researchers, the publicly available chatbots and large language models can be exploited to power worms, making their malicious spread from one device to the next easily.

The concept of worms is not new. It is a type of malware that can self-replicate and spread across the computer without requiring human assistance.

“The worm parasitically uses compromised machines to run open-access large language models (LLMs) to sustain its reasoning, or extend its reach for further attacks,” researchers warn in a yet-to-be peer-reviewed study posted in arXiv.

As per researchers’ observations, these worms exploit real-world corporate network vulnerabilities and infect a network of machines ranging from Linux, Windows and Internet of Things (IoT) devices.

In this study, researchers assessed the capabilities of an AI-driven worm by simulating it on various interconnected devices such as printers, laptops and cameras.

According to Nicolas Papernot, one of the authors of the new study from the University of Toronto, “It was imperative for us to understand this threat in a controlled, academic setting before bad actors figured it out for themselves.”

“The reason we are doing this research is to ensure the security of the digital ecosystem we all rely on – to keep people safe. This finding catapults us into a new era of cybersecurity.”

Papernot warned that computer worms though malicious but can easily be contained but with the use of artificial intelligence, containment is becoming difficult.

The access to the most powerful AI models such as Claude and Mythos could help the hackers to outpace the cyber defences.

“Hackers have typically had to prioritise the most high-value targets because time and computing resources were limited. But now, once a worm is launched, the cost would drop to nearly zero,” Dr Papernot said.

According to Papernot, our findings show that it is possible to create AI worms by using the small open-source AI models.

“Given the wide range of vulnerabilities on our devices at any one time, it would be extremely difficult to close down every potential avenue of attack.”

The most scary thing is, according to the professor, these worm-based attacks can not be prevented by current cybersecurity models.

Almost any internet-connected device, from laptops to smart home appliances, could potentially be targeted. Since modern infrastructure, including water, energy, banking, and healthcare, relies on networked computers, this research calls for an urgent call to action for policy makers, industry leaders, and researchers to develop new defense mechanisms.

“We can no longer afford to hit ‘ignore’ on software updates. Every door you close is one less way in, so it’s worth taking a few minutes to reboot,” the expert warned.