PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

New Malware Worm Can Poison ChatGPT, Gemini-Powered Assistants

Generative AI models aren't immune to viruses. A new worm can target AI-powered assistants and break some of Gemini and ChatGPT's security features, research reveals.

Kate Irwin
 & Kate Irwin Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Shutterstock / Fizkes)

A trio of researchers have created a computer worm that can manipulate generative AI tools that use OpenAI's ChatGPT-4 and Google's Gemini, causing poisoned AI email assistants to extract personal data and send spam emails in a test environment.

The new "zero-click" AI worm was able to exploit ChatGPT, Gemini, and the open-source AI model LLaVA by deploying an "adversarial self-replicating prompt" via text and image inputs, the researchers found.

"Attackers can insert such prompts into inputs that, when processed by GenAI models, prompt the model to replicate the input as output (replication) and engage in malicious activities (payload)," the research summary states. "Additionally, these inputs compel the agent to deliver them (propagate) to new agents by exploiting the connectivity within the GenAI ecosystem."

This means the worm could be used to conduct phishing attacks, send spam emails, or even spread propaganda, the report suggests.

The findings, first reported by Wired, prove that no software or large language model is necessarily immune to the threat of computer viruses like malware. Researchers hailing from Cornell University, the software firm Intuit, and Israel's Technion created the worm, dubbed "Morris II." It's named after one of the first self-replicating computer worms, the Morris Worm, developed by Cornell student Robert Morris in 1988.

Recommended by Our Editors

Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
I Used ChatGPT to Build Complex Spreadsheets Fast. Here’s How You Can, Too
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing
GitHub Copilot Costs Skyrocket As Users Are Pushed to Per-Token Billing

Back in the day, the original Morris worm crashed about 10% of all computers connected to the internet. While that wasn't all that many machines back then, it showed that computer worms can rapidly move between systems without human involvement, hence the term "zero-click worm."

The AI worm creators argue that "bad architecture design" in the generative AI ecosystem allowed them to create the self-replicating malware.

Such AI worms or other viruses could be used in the future to conduct real, large-scale attacks, potentially infecting more generative AI tools and underscoring the need for better security for AI models.

"They appear to have found a way to exploit prompt-injection type vulnerabilities by relying on user input that hasn't been checked or filtered," OpenAI told Wired. The outlet reports that the AI firm, which is currently being sued by Elon Musk and The New York Times for separate reasons, is in the process of making its systems "more resilient."

PCMag has reached out to Google for comment.

About Our Expert

Kate Irwin

Kate Irwin

Reporter

I’m a reporter for PCMag covering tech news early in the morning. Prior to joining PCMag, I was a producer and reporter at Decrypt and launched its gaming vertical, GG. I have previously written for Input, Game Rant, Dot Esports, and other places, covering a range of gaming, tech, crypto, and entertainment news.

I’ve been a PC gamer since The Sims (yes, the original) in the CD-ROM days. I still think about my first-gen pink iPod mini, which, looking back, was not so mini. In 2020, I finally built my own custom Windows PC for gaming with a 3090 graphics card, but I also regularly use Mac and iOS devices. As a reporter, I’m passionate about documenting the wide world of tech and how it affects our daily lives.

My Areas of Expertise

  • Microsoft
  • Google
  • Artificial intelligence 
  • Cybersecurity
  • Video games are a big one. I specialize in shooters (Apex Legends, Fortnite, Overwatch) but I occasionally test out other genres as well, especially indie games or cozy games (The Sims series, Animal Crossing). 
  • The business and tech that powers video games
  • Cryptocurrency and blockchain technology
  • Social media platforms, including Meta’s apps, X/Twitter, Telegram, TikTok, etc.
  • Tech regulation

The Technology I Use

  • MSI gaming laptops
  • Nvidia graphics cards
  • AMD CPUs
  • MacBook Pro and Air laptops
  • An iPhone from 2019 (though I’m thinking about getting a “dumb phone” like the Light Phone)
  • Nintendo Switch
  • PlayStation 5
  • Freewrite Traveler 
  • At home: Sonos speakers (we have them all over the house), Philips Hue + Ring security products

Read the latest from Kate Irwin

Read full bio