Researchers from the University of Toronto and the University of Cambridge have developed a new type of AI-powered worm that poses a "fundamentally new threat" to cybersecurity. This self-replicating AI agent can autonomously take over computer networks at minimal cost, leveraging publicly available LLMs. Unlike traditional worms that exploit single vulnerabilities, this experimental worm dynamically detects unique security flaws in each device it infects, allowing it to propagate using diverse tactics.

The worm, powered by an unnamed open-source LLM, was tested in an isolated network of Linux, Windows, and IoT devices with common corporate vulnerabilities like reused passwords. It can parasitically consume devices' computing power, a concern amplified by modern devices being built to support computationally expensive LLMs.

While slower than traditional worms, taking about five days to infect half of the experimental network, its speed is expected to increase as AI models improve and inference efficiency grows. The researchers published their findings to alert the cybersecurity community, omitting key methodological details and the specific LLM used to prevent misuse.

This development comes amidst growing anxiety in the cybersecurity sector regarding powerful AI systems that are able to discover and exploit security vulnerabilities at an unprecedented scale. Companies like Anthropic with its Mythos model (Project Glasswing) and OpenAI with GPT-5.4-Cyber are also developing advanced AI for cybersecurity, aiming to strengthen defenses.

👉 Read the full article on Gizmodo

Anthropic has expanded access to its highly anticipated Claude Mythos Preview model through its Project Glasswing initiative, making it available to 150 new organizations across 15 countries. This move comes as Anthropic solidifies its position as a leading frontier AI lab and plans for an initial public offering.

The partner organizations span critical sectors such as power, water, healthcare, communications, and hardware, many of which maintain codebases relied upon globally, including by governments. These entities are potential targets for "catastrophic" cyberattacks that could impact over 100 million people and have national and global security ramifications.

Participants in Project Glasswing use Mythos Preview in a limited capacity to identify and patch security vulnerabilities before they can be exploited. While Cloudflare noted Mythos Preview's adeptness at exploit chain construction, Anthropic itself found the model's organic safeguards inconsistent and its patching capabilities limited, often breaking other parts of the codebase.

The article suggests that other models, including small open-source ones, have found similar vulnerabilities to Mythos, raising questions about whether Project Glasswing's slow rollout is more of a marketing strategy than a true safety precaution. Critics argue that keeping the model under wraps, akin to "security through obscurity," hinders broader evaluation and only gives a select few a head start.

👉 Read the full article on Gizmodo

The article "How virtual power plants could provide energy for data centers" from Technology Review discusses the potential for Virtual Power Plants (VPPs) to supply energy to rapidly expanding data centers. As data centers, crucial for powering AI and other digital services, demand increasing amounts of electricity, innovative solutions are needed to ensure a stable and sustainable power supply.

VPPs aggregate distributed energy resources such as rooftop solar, battery storage, and controllable loads from various sources, including homes and businesses, to act as a single, dispatchable power plant. This approach could offer a flexible and resilient energy solution for data centers, helping to balance grid demand and integrate more renewable energy.

By leveraging VPPs, data centers could potentially reduce their reliance on traditional fossil fuel-based power grids, lower operational costs, and enhance their sustainability profiles. This integration would be particularly beneficial for the energy-intensive operations of AI model training and inference, which are driving significant growth in data center infrastructure.

👉 Read the full article on Technology Review