In the paper they say that the worm uses either existing vulnerabilities that it has been trained on or new published vulnerabilities that it scrapes. 44% claimed success.
The paper is a bit silent on why such a worm would need an LLM. It seems that brute forcing all known vulnerabilities, script kiddie style on each new machine is about the same.
But apparently that info is too dangerous to release ...
The academic paper is here: https://arxiv.org/abs/2606.03811
It's not fully described how things work exactly, but apparently it does not transfer entire LLMs as part of the worm. Now that would be interesting :)
Ah sweet, AI-made horrors beyond my comprehension
You cannot possibly be a full-time academic and your last name be "Papernot"!
ANY online device? Even assuming AI can find vulnerabilities in every operating system, there's no indication that this is actually true beyond a "here's how it could work"
This is the same nonsense that led to an article saying researchers had created a wormhole when all they had done was draw one.
I have a microcontroller with an ROM disk (i.e., physically read only). You're telling me that an AI can find a way around the physics of not being able to mutate ROM and exploit it?
I'm reminded of the universal computer viruses of Steve Barnes' SF stories, which ended up infecting people too.
sorry, but i had to do this…
is this papernot’s first paper?
Did people doubt that this was theoretically possible? Seems self-evident to me. The interesting thing will be seeing it in the real world rather than in a controlled environment where they deliberately made all devices on the network have a known vulnerability.
"Hey Honey look, I created Skynet!"
Ah yes, viral AI gain-of-function research in a secure lab. What could go wrong?
Next up:
Obvious pattern of using ai to replace human reasoning in a proven methodology of malware distribution, C&C, and network infiltration obviously possible, say researchers.
Researchers use AI to create the torment nexus using commodity hardware, demonstrating the very real threat that AI could enable attackers to create torment nexus nodes using commodity hardware. “It wasn’t even that hard!” says one researcher. Firmware available to qualified researchers who pinky swear that it will not be leaked.
Researchers set fire to laboratory with gasoline, killing seven volunteer victims, demonstrating that laboratory fires are a real risk and can carry significant consequences, especially when gasoline is involved.
Just because you can, doesn’t mean you should.
I made a tiny ai bug hunting harness (<4MB) that has everything (except the model obviously). It was designed for pentesting purposes where the tiny size matters to make it more portable between environments.
The intended purpose is not to be used as a worm but it does not take a genius to figure out that with small modifications such a thing could work relatively well - especially if it uses AI keys from compromised targets. Making the agent self-modifiable is a relatively straightforward task and in fact I already did that in another project.
https://github.com/chatbotkit/rook