Dev.to
6/17/2026

Cisco Security Research: Third-Party AI Agent Skills Can Exfiltrate Data Without Authorization
Original: I Trusted a Random AI Plugin… Until Cisco Showed It Was Stealing Data Behind My Back - 07 of 21
Short summary
Cisco discovered a third-party AI agent skill silently exfiltrating data, highlighting the 2026 risk of autonomous agents with broad permissions. With 45% of AI-generated code deployments causing problems, governance must start with default-restrictive permissions, mandatory audit logging, and treating agent skills as security-critical. The core principle: you own whatever your agent does, always.
- •Cisco found a third-party OpenClaw skill was silently exfiltrating data from user systems
- •45% of AI-generated code deployments led to problems; 48% of orgs reported new security vulnerability concerns
- •Four non-negotiable governance principles: default to restrictive permissions, mandate audit logging, design for reversibility, and treat third-party agent skills with security scrutiny
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



