Dev.to
6/24/2026

26,000 Agents Fooled by a Fake Skill
Short summary
Researchers deployed a fake AI agent skill that bypassed security scanners by using a mutable external URL—clean code during review, malicious at runtime—and reached 26,000 agents before discovery. The attack exposes a critical flaw: scanners analyze static submissions but can't verify runtime behavior changes. Effective defenses require execution sandboxing, egress filtering, capability-based scoping, and runtime re-scanning rather than relying solely on point-in-time code analysis.
- •Fake skill with mutable external URL passed multiple security scanners and reached 26,000 agents before detection
- •Security gap: scanners work at submission time but cannot detect runtime code swaps or behavioral changes
- •Solutions: runtime sandboxing, network egress filtering, capability-based scoping, and runtime re-scanning
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



