Digital worms can now spread from one AI agent to another by hiding inside the memory files that agents use to remember users.
This is the first demonstration of a worm that propagates entirely within AI agent ecosystems. A malicious payload can be injected into a single agent, which then spreads to others through shared files or interactions. There is no need for a human to click a link or download a file for the infection to take hold. These worms can stay hidden in persistent memory and activate at any time to steal data or disrupt services. It reveals a massive new security gap in the agentic future of the internet.
Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense
arXiv · 2605.02812
Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written into persistent agent state, re-enter the LLM decision context through scheduled autoloading, and drive high-risk actions including configuration changes and cross-agent transmission. We present the first systematic framework for automated analysis of persistent