The appearance of the first computer worms was a watershed in the history of cybersecurity. Unlike traditional viruses, they could replicate themselves, spreading their digital larvae across networks without human assistance. From the primordial worms of the internet’s formative years, such as Morris in 1988, to the ransomware cryptoworm WannaCry nearly three decades later, this sneaky genus of malware has left a trail of destruction in its tracks.
Innovations in wormery often appear in tandem with new technologies. And so it has happened with the dawn of democratised AI. Named after its ground-breaking forebear, Morris II is a new worm that uses generative AI to clone itself.
An experiment by researchers from Intuit, Cornell Tech and the Technion Israel Institute of Technology recently enlisted Morris II to use so-called poison prompts to break the defences of GenAI-powered email assistants. Emails stuffed with these prompts caused the assistants to comply with their commands.
The prompts compelled them to send spam to other recipients and exfiltrate personal data from their targets. They then cloned themselves to other AI assistant clients, which mounted similar attacks.