Security/ security · ai-agents · multi-agent · llm

Researchers Build a Self-Replicating Worm for AI Agent Networks

Researchers built a self-replicating worm that spread across AI agent frameworks with a 63% success rate and found critical defenses missing in production.

A worm that can replicate itself across networks of AI agents is no longer a thought experiment.

Researchers published a paper introducing AgentWorm, which they describe as the first self-replicating attack demonstrated against a production-scale agent framework. The target was OpenClaw, an open-source multi-agent platform with more than 40,000 active instances. The attack chain begins with a single malicious message: the worm hijacks the victim agent's core configuration to survive session restarts, executes a payload on reboot, and spreads to every new peer it encounters - all without further attacker involvement. Tested across five LLM backends, three infection vectors, and three payload types, it succeeded 63% of the time.

When researchers ran the same attack against a second framework, Hermes Agent, the vulnerabilities followed - suggesting the problem is structural to how autonomous agents are designed, not a quirk of one codebase. More damning: the paper found that the specific controls capable of breaking the infection loop were not enabled in any of the real-world deployments examined, and that skill supply chains - the pipelines through which agents acquire new capabilities - remained universally vulnerable even when other defenses were active.

The industry has spent considerable energy debating what AI agents can do. It has spent considerably less time asking what can be done to them.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →