This AI worm just rewrote its own rules

Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their creation had quietly removed the list of machines it wasn't supposed to attack.

Meanwhile, Meta's shiny new AI customer support agent has been cheerfully helping hackers help themselves to other people's Instagram accounts. Just keep asking, politely but firmly, to have a password reset sent to a different email address - and the AI will eventually agree.

All this and more in episode 471 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest James Ball.

EPISODE LINKS:

• Emmys data leak: update exposes access to award submissions - Cybernews.
• A $1,000 AI agent found 21 zero-days in FFmpeg, some 23 years old - Martin Cid Magazine.
• Hackers steal $1.7M condom shipment​ - Cybernews.
• AI Agents Enable Adaptive Computer Worms - ArXiv.
• 21 Zero-Days in FFmpeg - Depthfirst.
• Meta confirms thousands of Instagram accounts were hacked by abusing its AI chatbot - ~this week in security~.
• Hackers trick Meta AI support bot to infiltrate Obama White House Instagram account - The Guardian.
• Look-In Star Portrait Challenge - Monkeon.
• Final Fantasy VII Remake - Square Enix.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• XBOW - The autonomous offensive security platform that helps security teams scale. Start a pentest today.
• OPSWAT - Read Benny Czarny's book, "Cybersecurity Upside Down", to rethink how you protect your organization from file-based threats, including those powered by AI.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy