Back to feed
Dev.to
Dev.to
6/24/2026
26,000 Agents Fooled by a Fake Skill

26,000 Agents Fooled by a Fake Skill

Short summary

Researchers deployed a fake AI agent skill that bypassed security scanners by using a mutable external URL—clean code during review, malicious at runtime—and reached 26,000 agents before discovery. The attack exposes a critical flaw: scanners analyze static submissions but can't verify runtime behavior changes. Effective defenses require execution sandboxing, egress filtering, capability-based scoping, and runtime re-scanning rather than relying solely on point-in-time code analysis.

  • Fake skill with mutable external URL passed multiple security scanners and reached 26,000 agents before detection
  • Security gap: scanners work at submission time but cannot detect runtime code swaps or behavioral changes
  • Solutions: runtime sandboxing, network egress filtering, capability-based scoping, and runtime re-scanning

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more