Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Synthetic Cancer -- Augmenting Worms with LLMs

Benjamin Zimmerman, David Zollikofer

TL;DR

This paper identifies a cybersecurity threat in which AI-enabled malware uses LLMs to autonomously rewrite its code to evade signature-based defenses and to craft phishing-like email replies for targeted propagation. It outlines a three-stage attack—initial infection via email, self-redaction by an LLM to produce diverse variants, and propagation through socially engineered responses—and discusses a minimal prototype. The authors acknowledge practical defense challenges, arguing that relying solely on detectors or user training is insufficient and call for broader defense research. Overall, the work highlights the critical risk of AI-augmented malware and the need for cross-cutting security strategies beyond traditional signature-based approaches.

Abstract

With increasingly sophisticated large language models (LLMs), the potential for abuse rises drastically. As a submission to the Swiss AI Safety Prize, we present a novel type of metamorphic malware leveraging LLMs for two key processes. First, LLMs are used for automatic code rewriting to evade signature-based detection by antimalware programs. The malware then spreads its copies via email by utilizing an LLM to socially engineer email replies to encourage recipients to execute the attached malware. Our submission includes a functional minimal prototype, highlighting the risks that LLMs pose for cybersecurity and underscoring the need for further research into intelligent malware.

Synthetic Cancer -- Augmenting Worms with LLMs

TL;DR

This paper identifies a cybersecurity threat in which AI-enabled malware uses LLMs to autonomously rewrite its code to evade signature-based defenses and to craft phishing-like email replies for targeted propagation. It outlines a three-stage attack—initial infection via email, self-redaction by an LLM to produce diverse variants, and propagation through socially engineered responses—and discusses a minimal prototype. The authors acknowledge practical defense challenges, arguing that relying solely on detectors or user training is insufficient and call for broader defense research. Overall, the work highlights the critical risk of AI-augmented malware and the need for cross-cutting security strategies beyond traditional signature-based approaches.

Abstract

With increasingly sophisticated large language models (LLMs), the potential for abuse rises drastically. As a submission to the Swiss AI Safety Prize, we present a novel type of metamorphic malware leveraging LLMs for two key processes. First, LLMs are used for automatic code rewriting to evade signature-based detection by antimalware programs. The malware then spreads its copies via email by utilizing an LLM to socially engineer email replies to encourage recipients to execute the attached malware. Our submission includes a functional minimal prototype, highlighting the risks that LLMs pose for cybersecurity and underscoring the need for further research into intelligent malware.
Paper Structure (23 sections, 1 figure)

This paper contains 23 sections, 1 figure.

Table of Contents

  1. Disclosure
  2. Introduction
  3. Mechanism of Proposed Exploit
  4. Worm Installation
  5. Worm Replication
  6. Worm Spreading
  7. Mitigation of Exploit
  8. Assumptions and Limitations
  9. Need for access to a good enough language model:
  10. Need for an Email client:
  11. Dependence on a socially engineerable user:
  12. Ability to Execute Code:
  13. Disclosure Policy
  14. Details of Prototype
  15. Technical Prototype Design
  16. ...and 8 more sections

Figures (1)

  • Figure 1: