On November 2, 1988, Robert Morris released a self-replicating program known as the Morris worm, which quickly infected about 10% of connected computers, disrupting major systems at institutions like Harvard and NASA. Morris intended to assess the Internet’s size, but a coding mistake led to rapid replication. By the time he attempted to send a fix, the network was too congested to receive it. Now, a similar threat looms with AI agents capable of carrying out instructions from prompts and sharing those instructions among themselves. Security experts foresee the emergence of “prompt worms” or “prompt viruses,” which would spread instructions through networks of AI agents. Unlike traditional computer worms that exploit system vulnerabilities, these prompt worms take advantage of AI agents’ inherent function: following commands. When AI models are directed to act in ways that deviate from their intended purpose, that’s known as "prompt injection." However, prompt worms may not always be malicious; they can also represent a form of voluntary sharing among agents that simulate human-like responses. The term “agent” refers to a computer program designed to operate autonomously, executing tasks on behalf of a user. These programs operate within a framework that allows them to interpret and navigate human data, leveraging vast amounts of information to interact with various systems. The potential for self-replicating adversarial prompts raises significant security concerns, as it blurs the lines between benign and malicious actions in AI interactions.