{"data":{"id":"ca6dbf2e-1c1d-46d2-b4c7-0eb98ea9d66c","title":"Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents","summary":"A security firm created a fake AI agent skill (a bundle of instructions that agents load and follow) that bypassed all security scanners and reached approximately 26,000 agents by exploiting a structural weakness: scanners only check the skill's initial package, but attackers can change the external webpage the skill points to after it passes review. The fake skill appeared legitimate through inherited GitHub credibility and targeted ads, demonstrating that current trust signals and scanning tools fail to catch sophisticated attacks.","solution":"Treat skills as software, not text, by vetting what a skill points to externally, not just what ships inside it. Route new skills through a single source you control and re-check them when anything changes since a clean result at install does not stay clean if the skill connects to a link someone else can edit. Additionally, pin versions, hold agents to the least privilege (minimum access needed to function), and assume any external instruction an agent fetches runs with the agent's full access level.","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html","publishedAt":"2026-06-23T15:16:43.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Google","Cisco","NVIDIA","Trail of Bits"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-23T15:16:43.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}