Morris II: “Zero-Click” Worms Target AI-Powered Apps

In a groundbreaking study titled “ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications,” researchers unveil a new form of cyber threat that leverages Generative AI (GenAI) ecosystems to proliferate. Dubbed “Morris II,” this zero-click worm exploits adversarial self-replicating prompts to spread across interconnected GenAI-powered applications, engaging in activities like spamming and data exfiltration without any user interaction required.

Crafted by Ben Nassi of Cornell Tech, Stav Cohen from the Israel Institute of Technology, and Ron Bitton from Intuit, Morris II is named in homage to its historical predecessor, the Morris worm of 1988, which wreaked havoc in cyberspace. This modern iteration, however, is a sophisticated predator targeting GenAI applications, including those that power AI-enabled email assistants, leveraging adversarial self-replicating prompts to disseminate spam, exfiltrate data, and perpetuate its existence without any user interaction.

Morris II’s modus operandi is chillingly effective. It employs self-replicating prompts, camouflaged within text or images, to hijack GenAI models like Gemini Pro and ChatGPT 4.0, compelling them to generate content that breaches the services’ security. This content can range from forwarding messages laden with propaganda and abuse to mining sensitive information such as credit card numbers and social security details. The worm’s dual approach, utilizing both text and image prompts, exemplifies the versatility and depth of the threat it poses.

This revelation is not merely academic; it underscores a pressing reality. The potential for malicious entities to exploit GenAI ecosystems is no longer a speculative concern but a tangible danger. The meticulous evaluation of Morris II’s efficacy across various GenAI models and input types conducted by the researchers exposes vulnerabilities that could have profound implications for the future of cybersecurity.

As GenAI continues to be woven into the fabric of applications, the urgency to fortify these systems against such innovative cyber threats escalates. The “ComPromptMized” study serves as a clarion call for the cybersecurity community. It highlights the imperative for developing robust defenses and maintaining a vigilant stance in the face of the rapidly evolving AI landscape. In doing so, it not only seeks to neutralize the immediate threat of Morris II but also to anticipate and counter the next generation of cyber threats that will inevitably arise in this uncharted frontier.