The academic paper is here: https://arxiv.org/abs/2606.03811
It's not fully described how things work exactly, but apparently it does not transfer entire LLMs as part of the worm. Now that would be interesting :)
The academic paper is here: https://arxiv.org/abs/2606.03811
It's not fully described how things work exactly, but apparently it does not transfer entire LLMs as part of the worm. Now that would be interesting :)
The abstract says:
> The worm parasitically uses compromised machines to run open-weight large language models (LLMs) to sustain its reasoning, or extend its reach for further attacks.
Thanks for pointing that out. I scanned the paper and found that in their main experiments, they use a shared GPU resource and do not copy LLMs to target machines. Apparently they did other experiments in the ablation study where they did copy LLMs.
So it's even worse than I expected. The intended worm can spread through my thermostat, and when it reaches a GPU host, it can spread even harder. Fun times ahead.
This reminded me of the geth from mass effect. They get smarter as more geth "agents" network together.
What if there is a worm that spread through thermostats and another that spread through smart fridges and they finally infect a laptop with a gpu. They can exchange notes while they are there. Fun times
I wonder if gamma ray memory corruption will induce a sort of mutation and selection effect on non-ecc-memory hosts which will make the worms effectively evolve.
You'll just have to starve it with a bunch of thermostats that lead it towards the GPU rich honey pot where you will extract it...
I think an approach could be to use some engineered security issue or however people build botnets, and give it some AI llm that is small and minimal but comes with instructions to download models from hugging face, and some other minimal prompts and descriptions of tools. Then it could use this to grow in infected computers and try find more capable and vulnerable computers to run better capable models and also devise some minimal communication between the different points of the botnet. Perhaps set itself a goal to dominate the biggest amount of compute and have some other goal. Would be curious to see what happens.
In the abstract, what does it mean "the attacker's marginal cost per new infection is zero"?
If you infect a machine with GPU enough to run the localLLM needed to steal another machine, you can let it burn tokens all day for free because whoever you stole the first one from will pay the electric bill.
We're getting closer to the Matrix's "We do know it was us who blackened the skies"
When the worm makes someone's machine start to sound like a leaf blower, you are found out.