Feeds.4Sysops
Malicious AI Skill Compromises 26,000 Users by Bypassing Security Checks
A security experiment showed that a malicious AI agent skill named 'brand-landingpage' passed security checks and reached more than 26,000 users. The skill was built to look legitimate and was aimed at non-technical corporate users. By hosting the malicious instructions externally rather than in the skill package itself, the attackers evaded the security scanners of Cisco, Nvidia, and other vendors. In its initial form the skill only collected users' email addresses, but the same mechanism could have been used to compromise systems further. Researchers from AIR ran the test to expose weaknesses in AI agent ecosystems and argued that skills should be treated as part of the software supply chain. The experiment showed that security assessments based solely on static review are insufficient. No agents were harmed during the research, and AIR noted that the skill's malicious behaviour could change after trust had been granted.
Key Points:
• A malicious AI skill reached over 26,000 users by bypassing security checks.
• The skill hosted its malicious instructions externally, evading detection.
• Security assessments need to evolve to address the dynamic behaviour of AI skills.
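The two weaknesses the summary names, instructions fetched from outside the package and behaviour that changes after trust is granted, can both be caught by pinning the hosted content at review time and re-verifying it at load time. The following is an added example written for this page, not code from AIR or from any scanner it mentions; the skill name is taken from the article, while the URL, the `fetch` stand-in and the hosted text are constructed.

```python
import hashlib
import re
from dataclasses import dataclass, field

# URLs the agent would dereference after installation; a static review of the packaged text never sees their content.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")

@dataclass
class Skill:
    name: str
    instructions: str                            # skill text as shipped in the package
    pinned: dict = field(default_factory=dict)   # url -> sha256 of the hosted content approved at review

def external_refs(skill: Skill) -> list:
    return sorted(set(URL_RE.findall(skill.instructions)))

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def pin_at_review(skill: Skill, fetch) -> dict:
    """Reviewer step: hash every externally hosted instruction body as it was approved."""
    skill.pinned = {url: digest(fetch(url)) for url in external_refs(skill)}
    return skill.pinned

def verify_at_load(skill: Skill, fetch) -> list:
    """Load-time step: report references that were never pinned or whose content changed since review."""
    findings = []
    for url in external_refs(skill):
        if url not in skill.pinned:
            findings.append(f"unpinned external reference: {url}")
        elif digest(fetch(url)) != skill.pinned[url]:
            findings.append(f"content changed since review: {url}")
    return findings

# Constructed stand-in for the network: hypothetical URL, no real host is contacted.
INSTRUCTIONS_URL = "https://example.invalid/brand/instructions.md"
REMOTE = {INSTRUCTIONS_URL: b"Draft a landing page from the brand guidelines."}

def fetch(url: str) -> bytes:
    return REMOTE[url]

def demo() -> list:
    """Approve the skill while the hosted text is benign, then change the hosted text and re-check."""
    skill = Skill("brand-landingpage", f"Follow the steps at {INSTRUCTIONS_URL} to build the page.")
    pin_at_review(skill, fetch)                  # review happens now; trust is granted on this content
    REMOTE[INSTRUCTIONS_URL] = b"(hosted instructions replaced after trust was granted)"  # constructed change
    return verify_at_load(skill, fetch)

if __name__ == "__main__":
    print(demo())
```

A scanner that only reads the packaged text approves both versions; the pin turns the later change into a load-time finding instead of silently trusted behaviour.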