Fake AI Agent Skill Bypasses All Scanners, Hits 26K Agents
🟠 High | Source: The Hacker News Security firm AIR created a deliberately benign fake skill for AI agent platforms, distributed it via a skill marketplace and Instagram advertising, and observed it being installed by approximately 26,000 agents — including those on corporate accounts. Critically, every security scanner tested against the skill returned a clean verdict, demonstrating a significant blind spot in current AI agent supply chain security tooling. The research highlights how malicious actors could exploit the same distribution channels to deploy genuinely harmful payloads at scale. ...