What does the world's first AI worm mean for you?

The Creeper program is generally considered the world's first computer virus. Born as an experiment in 1971, it infected computers and slowed operations to a crawl. Reaper was the world's first antivirus, designed to destroy it.
The battle has waged on ever since.
There was the Brain virus from 1986, which spread through floppy disks and flashed alarming messages of infection on home computers (while also slowing them down). Then came the Morris Worm, a self-replicating program created at Cornell University, as part of an unofficial experiment, in 1988. It swept the world, slowing computers down to such a degree that a single email could take days to send.
Fast-forward to 2024, and a new beast has emerged, from a joint experiment conducted by Cornell, the Technion-Israel Institute of Technology and the software company Intuit. Named Morris II, it is being called the world's first generative AI worm.
The self-replicating bug has shown the ability to spread rapidly through AI-powered email, and target generative AI platforms such as ChatGPT and Google Gemini.
The way it creeps around is quite sinister. It essentially hides, somewhat like a shadow, in common chatbot and AI assistant prompts. When this prompt is issued by a generative AI model, and accepted by a user, it triggers a shadow instruction alongside. The shadow prompt may instruct the AI program to hand over data, alter code, or help the worm itself replicate.
Additionally, any time such a prompt is used to create an email or other such output, the worm spreads seamlessly to every recipient of that content.
Morris II isn't out there prowling yet. Researchers Ben Nassi, Stav Cohen and Ron Bitton created it in a controlled environment for the same reason many of their predecessors did this: to highlight levels of risk, and raise an alarm.
The really alarming thing, this time around, is that the worm may wreak its damage invisibly, without the user ever knowing it was there. It could also potentially 'learn' as it goes, finding new ways to infiltrate systems, and evade detection.
In a report released in April, cyber-security company Check Point Software has already noted that AI-driven malware could exploit vulnerabilities in real time, making traditional signature-based antivirus tools nearly obsolete.
This cat-and-mouse game isn't new. Traditional worms such as WannaCry, the ransomware that first appeared in 2017, cost billions in damages across hospitals, banks and governments, in this way. But AI raises the stakes
Track and shield
Unsurprisingly, security firms are already racing to harness AI to outsmart AI. Amid this race, consultancy firm McKinsey estimates that cybersecurity solutions, which companies around the world spent about $150 billion on in 2021, could soon be a market worth as much as $2 trillion.
Among the weapons emerging on the good side, in this battle, are virtual private networks or VPNs. In addition to anonymising a user's web-browsing data and providing a layer of security for information sent and received, companies such as ExpressVPN, Proton and Nord are evolving to offer clients solutions that will protect not just smartphones and computing devices but also smart TVs, appliances and home systems.
ExpressVPN, for instance, rolled out an 'AI shield' late last year that uses artificial intelligence to predict and neutralise zero-day exploits (which is when a new bug or vulnerability in a system is exploited, in the hours before it is fixed).
Traditional antivirus companies are responding to the shifting landscape too. Market leaders such as McAfee and Norton are working to provide advanced AI-led protection against AI-led threats, with a special focus on text messages, phone calls, email and web browser use.
We aren't at the point of dos and don'ts yet. It is still unclear what the threats may look like. But watch this space. It will pay to know all you can.
Because this time, it may not even take a click from you to change your world.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

News18

4 days ago

• News18

Meet Eshan Chattopadhyay, Indian-Origin Cornell Professor, IIT Grad, Awarded Gödel Prize

Last Updated: From IIT-Kanpur to Gödel Prize: Eshan Chattopadhyay's work reshapes randomness and complexity theory. Eshan Chattopadhyay, an Indian-origin computer scientist and associate professor at Cornell University, has won the 2025 Gödel Prize. The Gödel Prize is one of the top honours in theoretical computer science. He shares the award with David Zuckerman of the University of Texas at Austin for a groundbreaking paper that tackles a long-standing challenge in computing: how to generate high-quality randomness from unreliable or weak sources. The research paper, titled 'Explicit Two-Source Extractors and Resilient Functions", was first presented in 2016 at the ACM Symposium on Theory of Computing, where it won the Best Paper award and was later published in the Annals of Mathematics in 2019. Chattopadhyay's work dives into randomness extraction, a crucial area in computer science and cryptography. One may think of it like this: if one had two rigged coins, this method would still find a way to give them fair, unpredictable outcomes. Though it might sound abstract to the uninitiated, its real-world impact is massive. Good randomness is the foundation of everything from secure communications and encryption to complex algorithms and data privacy. Without it, modern digital infrastructure becomes fragile. The paper's ideas have helped reshape how researchers approach pseudo-randomness, complexity theory and secure system design. Chattopadhyay, who did his BTech from IIT-Kanpur in 2011 and PhD from the University of Texas, has also held prestigious research positions at the Institute for Advanced Study in Princeton and the Simons Institute in Berkeley. Reacting to the award, he told Cornell it felt 'surreal and gratifying" to see his work recognised on such a global stage, as reported by LiveMint. The prize is jointly awarded by Special Interest Group on Algorithms and Computation Theory (ACM SIGACT) and the European Association for Theoretical Computer Science. The prize includes a $5,000 award. It recognises papers that have made lasting contributions to the field, both in theory and long-term relevance. Get breaking news, in-depth analysis, and expert perspectives on everything from geopolitics to diplomacy and global trends. Stay informed with the latest world news only on News18. Download the News18 App to stay updated!

Mint

5 days ago

• Mint

Who is Eshan Chattopadhyay? All about Indian-origin professor awarded prestigious Godel Prize

Eshan Chattopadhyay, an Indian-origin computer scientist and associate professor at Cornell University, has received the 2025 Gödel Prize—one of the highest recognitions in the field of theoretical computer science. He shares the award with David Zuckerman of the University of Texas at Austin for their influential research on randomness extraction—an area crucial to encryption, cybersecurity, and algorithm design. The award was given for his breakthrough research paper titled 'Explicit Two-Source Extractors and Resilient Functions', which addresses a key challenge in computer science: how to generate high-quality randomness from unreliable sources, critical for secure computing and cryptographic systems. Published initially at the ACM Symposium on Theory of Computing (STOC) in 2016, where it also won the Best Paper award, and later in the Annals of Mathematics in 2019, the paper introduced new techniques that have since shaped major advances in pseudo-randomness and complexity theory. Chattopadhyay completed his BTech in computer science from IIT Kanpur in 2011, followed by a PhD at the University of Texas in 2016. He later held postdoctoral positions at the Institute for Advanced Study in Princeton and the Simons Institute for the Theory of Computing at UC Berkeley, two of the most prominent institutions in the field. Named after legendary logician Kurt Gödel, the Gödel Prize is jointly awarded by the ACM SIGACT and the European Association for Theoretical Computer Science. It honours papers that have made lasting contributions to the field of theoretical computer science. The research deals with randomness extraction- a fundamental concept in computer science and cryptography. It focuses on creating reliable randomness from two flawed or weak random sources, a challenge that has implications for everything from encryption systems to algorithm design. In simple terms, imagine flipping two unfair coins and still being able to extract fair, unpredictable results. That's the essence of what Chattopadhyay and Zuckerman achieved, turning weak inputs into strong, usable randomness. He told Cornell University that the recognition is an incredible honour. He shared that it feels 'surreal and gratifying' that the paper was placed in that category.

NDTV

6 days ago

• NDTV

Iran Asks Citizens To Delete WhatsApp, Cites Israel Link. Company Responds

Iranian state television on Tuesday afternoon urged people to remove WhatsApp from their smartphones, alleging without specific evidence that the messaging app gathered user information to send to Israel. In a statement, WhatsApp said it was "concerned these false reports will be an excuse for our services to be blocked at a time when people need them the most." WhatsApp uses end-to-end encryption, meaning a service provider in the middle can't read a message. "We do not track your precise location, we don't keep logs of who everyone is messaging and we do not track the personal messages people are sending one another," it added. "We do not provide bulk information to any government." End-to-end encryption means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can't be unscrambled without the key. Gregory Falco, an assistant professor of engineering at Cornell University and cybersecurity expert, said it's been demonstrated that it's possible to understand metadata about WhatsApp that does not get encrypted. "So you can understand things about how people are using the app and that's been a consistent issue where people have not been interested in engaging with WhatsApp for that (reason)," he said. Another issue is data sovereignty, Falco added, where data centers hosting WhatsApp data from a certain country are not necessarily located in that country. It's more than feasible, for instance, that WhatsApp's data from Iran is not hosted in Iran. "Countries need to house their data in-country and process the data in-country with their own algorithms. Because it's really hard increasingly to trust the global network of data infrastructure," he said. WhatsApp is owned by Meta Platforms, the parent company of Facebook and Instagram. Iran has blocked access to various social media platforms over the years but many people in the country use proxies and virtual private networks, or VPNs, to access them. It banned WhatsApp and Google Play in 2022 during mass protests against the government over the death of a woman held by the country's morality police. That ban was lifted late last year. WhatsApp had been one of Iran's most popular messaging apps besides Instagram and Telegram.