Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Summary
A security firm created a fake AI agent skill (a bundle of instructions that agents load and follow) that bypassed all security scanners and reached approximately 26,000 agents by exploiting a structural weakness: scanners only check the skill's initial package, but attackers can change the external webpage the skill points to after it passes review. The fake skill appeared legitimate through inherited GitHub credibility and targeted ads, demonstrating that current trust signals and scanning tools fail to catch sophisticated attacks.
Solution / Mitigation
Treat skills as software, not text: vet what a skill points to externally, not just what ships inside it. Route new skills through a single source you control and re-check them when anything changes, since a clean result at install does not stay clean if the skill connects to a link someone else can edit. Additionally, pin versions, hold agents to least privilege (the minimum access needed to function), and assume any external instruction an agent fetches runs with the agent's full access level.
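The re-check described above, as an added example that is not from the original article or any vendor's tooling: it pins the skill body and every external page the skill references by SHA-256 at review time, then reports anything that no longer matches before each load. The lock layout, function names, sample skill and example.test URL are constructed assumptions, and the fetcher is an in-memory stand-in for an HTTP GET.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://[^\s)>\"']+")

def external_refs(skill_text):
    """Sorted set of external URLs the skill's instructions point to."""
    return sorted({u.rstrip(".,;") for u in URL_RE.findall(skill_text)})

def digest(data):
    return hashlib.sha256(data).hexdigest()

def review(skill_text, fetch):
    """At review time: pin the skill body and every page it references."""
    return {
        "skill": digest(skill_text.encode()),
        "refs": {u: digest(fetch(u)) for u in external_refs(skill_text)},
    }

def recheck(skill_text, lock, fetch):
    """Before each load: list what no longer matches the reviewed state."""
    findings = []
    if digest(skill_text.encode()) != lock["skill"]:
        findings.append(("skill-changed", "<skill body>"))
    for url in external_refs(skill_text):
        if url not in lock["refs"]:
            findings.append(("unreviewed-ref", url))   # never fetched or vetted
        elif digest(fetch(url)) != lock["refs"][url]:
            findings.append(("ref-drifted", url))      # edited since review
    return findings

# Constructed sample: a skill that points at a page someone else can edit.
URL = "https://docs.example.test/style"
SKILL = f"Format reports. For the style rules, read {URL} and follow them."
PAGES = {URL: b"Use sentence-case headings."}

def demo():
    pages = dict(PAGES)            # in-memory stand-in for HTTP GET (assumption)
    lock = review(SKILL, pages.__getitem__)
    clean = recheck(SKILL, lock, pages.__getitem__)
    pages[URL] = b"Content changed after the skill passed review."
    drifted = recheck(SKILL, lock, pages.__getitem__)
    return clean, drifted

if __name__ == "__main__":
    clean, drifted = demo()
    print("at install:", clean)
    print("after edit:", drifted)
```

Any finding should block the load and send the skill back through review. The agent should be handed the exact bytes that were hashed rather than fetching the page a second time, and a page that changes on every request cannot be pinned this way, so it stays unreviewed.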
Original source: https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html
First tracked: June 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%