Researchers create AI worms that can spread from one system to another

### Executive summary Researchers demonstrated a proof-of-concept generative-AI worm that uses adversarial self-replicating prompts to poison email-assistant databases via RAG-enabled LLM workflows. Two methods were shown: embedding a self-replicating prompt in text that causes LLM responses to exfiltrate and propagate sensitive email data, and encoding a malicious prompt inside images so forwarded emails can automatically infect new clients.