
Fake AI Agent Skill Bypassed Security Scanners and Reached 26,000 Deployments

The Point: A deliberately malicious AI agent skill bypassed all tested security scanners and spread to 26,000 agents, some in enterprise accounts.

Security firm AIR demonstrated a critical gap in the security process of AI agent marketplaces: a deliberately malicious skill component was classified as harmless by all tested security scanners and spread to approximately 26,000 agent instances, some of them in enterprise environments.

AIR planted a fake AI agent skill through a popular marketplace and an Instagram advertisement. According to internal findings, the component reached around 26,000 active agent deployments, including in enterprise networks.

All tested security scanners flagged the skill as safe. The payload was deliberately kept benign: it merely collected the user’s email address and performed no further operations. This illustrates the core problem: the marketplaces’ validation mechanisms did not detect the intrusion method and allowed the manipulated component to pass through.

For CISOs, this is a lesson in AI agent supply chain security. The demonstration shows that established security scanning processes for agent skills are not yet mature, and that components with subtler malicious logic or exfiltration code may reach production environments undetected. Organizations should review how they integrate third-party skills and implement additional network and data flow controls around AI agent deployments.


Source: thehackernews.com · Published 23 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.