The First AI Worm
I built a small bug-hunting harness. Under 4 MB, with everything packed in except the model itself, which lives behind an API call. It was made for pentesting, where you want something you can drop into any environment and run, without dragging a runtime and a dependency tree behind you.
That portability is a gift to the person doing authorized work. It is also the exact property a worm needs.
Let me be clear about intent. Rook was not built to spread. You hand it a target and a scope and it works the problem the way a researcher would. But it does not take a genius to see the other shape hiding in the same design. A tiny binary that lands on a machine, looks around, and finds the AI keys sitting in someone's environment.
Now it has a model. Now it can think on the target's dime.
The last piece is whether it can rewrite itself. That sounds exotic, but it is not. It is quite ordinary. I have already built self-modifying agents in another project, and the technique is plain. An agent that can read its own code, change it, and redeploy is a few hundred lines and a bit of care.
Put those together and you have something new. Earlier worms carried a fixed payload. They did one thing, the thing their author wrote, and you could write a signature for it once you caught a sample. An agent worm carries judgement. It reads the machine it landed on, decides what is worth doing there, and writes the next step itself. Two copies on two different networks behave differently, because each one is reasoning about what it sees rather than replaying a script.
I am not publishing a recipe, and I won't. The pieces are already public, and anyone serious has noticed the same thing I have. The reason to say it plainly is that defenders should be building for this now, while it is still a thought experiment, instead of after the first one is loose on a network.
It is not a question of if, but when.