In a groundbreaking development, researchers at the University of Toronto have created an AI-powered computer worm that poses significant threats to cybersecurity. This worm operates autonomously, generating tailored attack strategies without any human intervention. It hijacks compromised machines and utilizes open-weight large language models (LLMs) to reason and expand its reach. Within just one week, the worm was able to infiltrate nearly three-quarters of the machines on a network and establish a permanent presence on about two-thirds of them. This capability is unprecedented, as it can read and exploit new vulnerabilities in real-time, similar to the advisories that security teams monitor. Experts in the field, including Gary McGraw, CEO of the Berryville Institute of Machine Learning, have expressed concerns that this development marks a significant shift in the landscape of cybersecurity. Unlike traditional worms that exploit specific vulnerabilities, this AI-driven worm can target any bug it discovers, making it a more formidable threat. The implications of this technology are profound, as it reduces the expertise required to create autonomous offensive capabilities, which could lead to an increase in cyberattacks. While the researchers demonstrated the worm's ability to spread in a controlled environment, they acknowledged that real-world defenses, such as monitoring and authentication barriers, could alter the outcomes. However, McGraw emphasized that the cybersecurity industry must take this threat seriously, as the capabilities of AI in offensive operations are rapidly evolving. He pointed out that the historical context of the Morris worm from 1988 serves as a reminder of the potential for widespread disruption. To combat these emerging threats, security teams are urged to invest in software fixes and enhance their defensive strategies. McGraw highlighted the need for organizations to recognize the urgency of addressing vulnerabilities, as attackers become increasingly automated and efficient. Despite the challenges, defenders still have advantages, such as the ability to detect unusual network traffic caused by the movement of large AI model files. Ultimately, the call to action is clear: organizations must prioritize fixing their software to mitigate the risks posed by AI-powered worms.