What Building an AI Worm Taught Us About Stopping One
Kinnaird McQuade
fwd:cloudsec North America 2026 · Day 1
Kinnaird McQuade, Chief Security Architect at Beyond Trust, presented a groundbreaking talk at fwd:cloudsec detailing his experience building an autonomous, AI-powered worm. The motivation behind this audacious project was rooted in **gain of function research**, akin to how virologists weaponize viruses in a lab to develop vaccines. McQuade aimed to understand the full destructive potential of AI when leveraged for malicious purposes, specifically when AI agents begin making autonomous decisions within an attack chain, rather than merely assisting in attack generation. This proactive research is critical for anticipating and defending against a new generation of cyber threats that could fundamentally alter the landscape of cloud security.
AI review
McQuade did the actual work here — built the thing, ran it, measured it, and came back with receipts. This isn't 'AI could theoretically be used for attacks' hand-waving; it's a documented build cycle with benchmark scores, fine-tuning failures, model collapse episodes, and a C2-connected demo that deleted a cloud environment on command. For fwd:cloudsec's audience, this is exactly the kind of offensive-first research that forces defenders to update their priors.