AI-driven worm reasons at runtime and self-replicates across a 33-host test network
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers demonstrated a proof-of-concept AI-driven worm that reasons at runtime and self-replicates, showing adaptive host-to-host spread across a 33-host vulnerable test network. The prototype raises the risk of runtime exploit generation, fresh-advisory weaponization, and GPU-assisted propagation without a fixed exploit chain.
Related Happenings
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Underground AI services emerge with jailbroken APIs and MCP servers
Threat Actor Meta
First: 12.02.2026 14:45
Last: 12.02.2026 14:45
Sources 1
About this happening:
**Underground AI services** are emerging on **marketplaces** with a model that hides **jailbroken commercial APIs** and **open-source MCP servers**, expanding access to **malware*...
Underground AI services emerge with jailbroken APIs and MCP servers
Threat Actor MetaAbout this happening: **Underground AI services** are emerging on **marketplaces** with a model that hides **jailbroken commercial APIs** and **open-source MCP servers**, expanding access to **malware*...
AiFWall launches free basic AI firewall for agentic AI deployments
Security Tool/Service
First: 21.01.2026 16:09
Last: 21.01.2026 16:09
Sources 1
About this happening:
**aiFWall Inc** emerged from stealth on **January 21, 2026**, making the basic **aiFWall** product free and adding a new control for **agentic AI deployments**. The launch matters...
AiFWall launches free basic AI firewall for agentic AI deployments
Security Tool/ServiceAbout this happening: **aiFWall Inc** emerged from stealth on **January 21, 2026**, making the basic **aiFWall** product free and adding a new control for **agentic AI deployments**. The launch matters...
PROMPTFLUX Gemini self-modifying VB Script malware
Malware Activity
First: 05.11.2025 17:33
Last: 05.11.2025 17:33
Sources 1
About this happening:
The **PROMPTFLUX** malware family uses the **Gemini API** to generate **VB Script** obfuscation and evasion code for just-in-time self-modification, weakening static signature-bas...
PROMPTFLUX Gemini self-modifying VB Script malware
Malware ActivityAbout this happening: The **PROMPTFLUX** malware family uses the **Gemini API** to generate **VB Script** obfuscation and evasion code for just-in-time self-modification, weakening static signature-bas...
SesameOp backdoor abuses OpenAI Assistants API
Malware Activity
First: 03.11.2025 20:35
Last: 03.11.2025 20:35
Sources 1
About this happening:
The **SesameOp** backdoor now uses the **OpenAI Assistants API** as a covert **command-and-control** channel, giving operators durable remote access inside compromised environment...
SesameOp backdoor abuses OpenAI Assistants API
Malware ActivityAbout this happening: The **SesameOp** backdoor now uses the **OpenAI Assistants API** as a covert **command-and-control** channel, giving operators durable remote access inside compromised environment...
Timeline
-
09.06.2026 14:59 2 articles · 3h ago
Researchers demonstrate a self-replicating AI worm on a 33-host test network
Initial DisclosureUniversity of Toronto researchers built and tested a proof-of-concept AI-driven worm that used a locally hosted open-weight LLM to inspect exposed services, read fresh advisories, generate tailored attack logic, and self-replicate across an isolated 33-host FakeCorp network. The prototype found an average of 31.3 vulnerabilities, gained elevated access on 23.1 hosts, replicated to 20.4 hosts over seven days, and rewrote its own code to bypass local security controls; the team also showed runtime exploitation of CVE-2026-39987, CVE-2026-31431, CVE-2026-43284, and CVE-2026-43500 after the model's training cutoff.
Show sources
- Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models — thehackernews.com — 09.06.2026 14:59
- Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models — thehackernews.com — 09.06.2026 14:59