There’s previously been the “an AI could achieve a discontinuous takeoff by exploiting a security vulnerability to copy itself into lots of other computers” argument in at least Sotala 2012 (sect 4.1.) and Sotala & Yampolskiy 2015 (footnote 15), though those don’t explicitly mention the “use the additional capabilities to break into even more systems” part. (It seems reasonably implicitly there to me, but that might just be illusion of transparency speaking.)
There’s previously been the “an AI could achieve a discontinuous takeoff by exploiting a security vulnerability to copy itself into lots of other computers” argument in at least Sotala 2012 (sect 4.1.) and Sotala & Yampolskiy 2015 (footnote 15), though those don’t explicitly mention the “use the additional capabilities to break into even more systems” part. (It seems reasonably implicitly there to me, but that might just be illusion of transparency speaking.)