
“We discovered that it is possible to create an AI-driven computer worm, using only small, free AI models, that can autonomously identify each machine’s unique weak points (including vulnerabilities just reported by industry and misconfigurations such as reused passwords) and exploit them, hijacking computing power to take over regular devices such as laptops, cameras, and everything else online, and then copying itself onto servers and networks to either steal data or launch new attacks,” the research team from the University of Toronto’s CleverHans Lab said in their report. “We did this without using the newest, most powerful AI models. There is no single defence against this new threat.”
Building an agentic harness for offensive cyberattacks
While frontier models such as Claude Opus and GPT 5.5 offer million-token context windows and can reason for tens of minutes and even hours at a time to solve a single task, this approach does not work for locally hosted LLMs running on a single GPU. Their context windows are much smaller, and they generally exhibit weaker instruction-following abilities for agentic tasks.
Vibe-coding software developers who encountered these problems long ago have solved them by building custom harnesses and agentic frameworks that split complex software engineering projects into phases and steps, executed by multiple sub-agents in parallel that share results via some form of memory system, ranging from a markdown file to a database.
