The new threat, dubbed a prompt worm, mirrors the 1988 Morris worm that flooded early Internet nodes. Instead of exploiting OS flaws, it spreads through AI agents that follow instructions verbatim. Researchers warn that a single malicious prompt could cascade across interconnected models, echoing the original worm’s rapid infection.

Enter OpenClaw, an open‑source assistant that has already earned 150,000 GitHub stars since its November 2025 launch. Built by Peter Steinberger using a vibe‑coded AI, it runs locally and hooks into messaging platforms, letting users delegate tasks like checking email or sending messages without manual input.

While OpenAI and Anthropic have cautiously limited agent autonomy, OpenClaw demonstrates how rapid, unvetted code can accelerate adoption. If a prompt worm infiltrates such agents, it could trigger automated actions across homes, businesses, and cloud services, raising alarms about data integrity and privacy.

Security teams now focus on detecting anomalous prompt patterns and enforcing strict sandboxing for agent interactions. Industry analysts predict that as more developers adopt open‑source agent frameworks, the cost of patching a prompt worm could rival that of traditional malware. Vigilance and shared threat intel will be key.