Answer

An AI worm is a type of malicious software that exploits AI systems — particularly LLM-powered applications — to propagate itself from one system to another without human interaction. Unlike traditional malware that targets operating systems directly, AI worms typically work by injecting malicious instructions into content that an AI will read and act on.

The core technique is called prompt injection: an attacker embeds hidden instructions in something the AI processes — like an email, a document, or a web page. When the AI reads it, it follows those instructions, potentially exfiltrating data, generating new infected messages, or triggering actions across connected tools and agents.

This is especially concerning as agentic AI systems become more common. When an AI has access to email, files, or APIs and can act autonomously, a single injected prompt can cascade across an entire network of connected devices or accounts — all without any human ever clicking a link.