I made a tiny AI bug-hunting harness (<4MB) that has everything (except the model, obviously). It was designed for pentesting purposes, where the tiny size matters to make it more portable between environments.
The intended purpose is not to be used as a worm, but it does not take a genius to figure out that with small modifications such a thing could work relatively well - especially if it uses AI keys from compromised targets. Making the agent self-modifiable is a relatively straightforward task, and in fact I already did that in another project.
It's not fully described how things work exactly, but apparently it does not transfer entire LLMs as part of the worm. Now that would be interesting :)
smokel
Palisade Research demonstrated this capability, including fully copying model weights, on May 7th, 2026.
In the paper they say that the worm uses either existing vulnerabilities that it has been trained on or new published vulnerabilities that it scrapes. 44% claimed success.
The paper is a bit silent on why such a worm would need an LLM. It seems that brute forcing all known vulnerabilities, script kiddie style, on each new machine is about the same.
But apparently that info is too dangerous to release ...
rtnplan
Ah sweet, AI-made horrors beyond my comprehension
jameslk
You cannot possibly be a full-time academic and your last name be "Papernot"!
pbrum
Of course this is possible, but to use a botnet for intelligence compute is going to be slow. That's one thing we have going for us—it's going to take a long time for this bug to fumble through your network. But rest assured, eventually, it will pwn you.
arm32
ANY online device? Even assuming AI can find vulnerabilities in every operating system, there's no indication that this is actually true beyond a "here's how it could work"
This is the same nonsense that led to an article saying researchers had created a wormhole when all they had done was draw one.
I have a microcontroller with an ROM disk (i.e., physically read only). You're telling me that an AI can find a way around the physics of not being able to mutate ROM and exploit it?
malfist
I'm reminded of the universal computer viruses of Steve Barnes' SF stories, which ended up infecting people too.
https://github.com/chatbotkit/rook
_pdp_
https://palisaderesearch.org/blog/self-replication
https://arxiv.org/abs/2605.06760
computerphage
pfdietz
throwaway81523