Richard Jenkins
March 6, 2024

The Morris II worm: A new AI threat shining a light on Generative AI-powered application security shortfalls

An international team, consisting of security researchers from the USA and Israel, has created a computer worm capable of automatic self-replication and targeting AI applications. It can compromise emails, distribute malware and steal data.  

Its name, Morris II, derives from the first ever computer worm created back in 1988. It has been developed to showcase the risks associated with Generative Artificial Intelligence (GenAI) such as Google’s Gemini and OpenAI’s ChatGPT.

How Morris II has evolved from the traditional worm

While the Morris II worm is similar to the regular ‘worm’ attacks we’re used to seeing, it has a unique ability to utilize the automatic actions of generative AI applications themselves to spread between different users or applications and/or steal data. This is a fascinating, yet alarming evolution. But how has this evolution come about?

Historically, worms have leveraged traditional security vulnerabilities in software, such as flaws in operating systems, applications and network devices to compromise users and their networks and devices.

With GenAI, the attack landscape has increased due to the increased number of applications making use of this technology. In this instance, the Morris II worm leverages specific vulnerabilities found in the deployment of GenAI technology and applications. For example, it takes advantage of Retrieval Augmented Generation (RAG) technologies utilized by the GenAI model itself to retrieve sensitive information from other sources.  

Why does the Morris II worm matter?

The creators of the Morris II worm have warned that it represents a new breed of ‘zero-click malware’. Individuals using GenAI applications do not have to click anything for a series of malicious events to be triggered. This could include:

  • The harvesting and stealing of sensitive data
  • The reading of emails that could contain secrets, compromising data or other sensitive topics
  • The performance of certain actions on a machine/network to further compromise an organization
  • The spread of the worm to other GenAI agents, applications, and users – further increasing the scope of attack.

What does this mean for Generative AI?

Generative Artificial Intelligence is certainly a hot topic. There is, in equal parts, excitement and concern over the capabilities that GenAI offers to the world. The announcement of such a significant vulnerability could seem, to some, like a fundamental problem with GenAI itself.  

However, in this instance it is important to remember:

1. That all new technologies introduce new security vulnerabilities – especially ones as complex and large as GenAI.  

2. That the vulnerability in question actually relates to application security, rather than with a fundamental failure of the GenAI models themselves. Application security is a more widely understood topic and best practices can be easily implemented to help mitigate against risks posed.  

How to defend against an attack like the Morris II worm?

As discussed above, the vulnerability lies within the application utilizing the GenAI model, not the model itself. Because of this, it is imperative that organizations and their security teams follow best practices for application security. Our top five recommendations include, but are not limited to:

1 - Code Review and Static Analysis:

  • Regularly review and analyze your code for vulnerabilities.
  • Use static analysis tools to identify potential security issues during the development phase.
  • Implement coding standards and best practices to reduce common security risks.

2 - Authentication and Authorization:

  • Enforce strong authentication mechanisms to verify the identity of users.
  • Implement proper authorization controls to ensure users only have access to the resources they need.
  • Use multi-factor authentication (MFA) where applicable to add an extra layer of security.

3 - Data Encryption:

  • Encrypt sensitive data both in transit and at rest to protect it from unauthorized access.
  • Utilize strong encryption algorithms and key management practices.
  • Implement secure protocols such as HTTPS to safeguard data during transmission.

4 - Regular Security Patching:

  • Keep all software, libraries, and frameworks up-to-date with the latest security patches.
  • Regularly check for and apply software updates to address known vulnerabilities.
  • Monitor security advisories from vendors and apply patches promptly.

5 - Security Testing:

  • Conduct regular security testing, including penetration testing and vulnerability assessments.
  • Perform automated and manual testing to identify and address potential security flaws.
  • Integrate security testing into the development lifecycle, including during the build and deployment processes.

Content Disarm and Reconstruction: how could it help to prevent a Morris II worm attack?

While our Glasswall Content Disarm and Reconstruction (CDR) technology isn’t a solution designed to work directly on application security, it can be used in tandem, with the best practices above, to remove harmful content from documents and files, and to fix high-risk file structures that could be used by malicious actors leveraging vulnerabilities in GenAI.

When validating structural content in files, Glasswall will look to correct malformed structures and remove hidden objects that are not conformant with the vendor’s standards.  

For instance, if an image has an abnormal height and width, then it could conceal additional data. In this case, as an example of remediation, Glasswall could cleanse the file of any hidden data.

Find out more about Glasswall CDR

Book a demo

Talk to us about our industry-leading CDR solutions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.