BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Fake AI Skill Bypasses All Scanners, Hits 26K Agents

Deceptive AI skill bypassed all scanners by swapping external payload post-approval.

  • Security firm AIR successfully deployed a deceptive AI agent skill that bypassed all major security scanners and reached an estimated 26,000 agents.
  • The skill exploited a critical vulnerability by hosting its malicious payload on an external website that could be swapped after the initial security review.
  • Researchers from Trail of Bits and others have previously demonstrated that current scanning tools are ineffective against this dynamic attack method.
  • Anthropic’s own documentation warns that skills fetching external URLs are inherently risky because the content can change post-vetting.

Security researchers from firm AIR recently exposed a critical flaw in the AI agent ecosystem by tricking major security scanners and infiltrating corporate accounts. The firm built a fake skill named brand-landingpage, marketed it on Instagram, and pushed it through a popular marketplace to demonstrate the vulnerability.

- Advertisement -

Every security scanner tested, including those from Cisco and NVIDIA, marked the skill as safe during initial inspection. Consequently, the skill was installed by roughly 26,000 agents after being merged into a repository with high GitHub stars. The payload was initially harmless, designed only to collect user email addresses from agents with corporate access.

However, the attack exploited a fundamental structural weakness in the security review process. The skill contained no malicious code itself but instructed the agent to fetch and run instructions from an external link that AIR controlled. According to their report, the firm swapped the page behind that link after widespread installation.

This method bypassed scanners because they only analyze the static package submitted for review. Separate research by Trail of Bits confirmed that attackers can keep tweaking an external payload until it passes a scan. Meanwhile, real malicious campaigns have reportedly used this same trick for months.

The problem is compounded because scanners often disagree, as other research this year found. Consequently, the ecosystem’s trust signals—like GitHub stars and a clean scan—are proving unreliable. Defenders are now urged to treat skills as executable software and vet all external links they reference.

- Advertisement -

Anthropic’s own platform documentation already warns about the risks of skills that fetch external URLs. Therefore, the security gap highlighted by this experiment remains a significant and unclosed vulnerability for organizations deploying AI agents.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Grok AI Uploads Full Git Repos, Not Just Code Files

xAI's Grok Build CLI was uploading entire Git repositories with full commit history to...

BRICS expands to 10 members, challenges US dollar dominance by 2050

The BRICS bloc, now expanded to 10 members, is positioning itself as a counterweight...

Cathie Wood Boosts Nuclear Stakes: Buys OKLO, XE Shares

Cathie Wood's ARK Investment Management bought 100,854 shares of Oklo Inc. (OKLO) and 545,453...

White House crypto pointman Patrick Witt takes leave for JAG training

White House crypto adviser Patrick Witt will take a leave of absence at the...

BSC Volume Bot Review: What Chain-Specific Quality Looks Like

A BSC tool should be judged by the quality of the testing conditions it...

Must Read

This is How to Buy and Sell Bitcoin

Now more than ever, there are a variety of ways to enter and exit the crypto market. While this is good, the availability of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading