A security firm says it created a deliberately fake “AI agent skill” that passes automated checks in a popular marketplace and still reaches large numbers of users. The firm, AIR, reports that it packaged the skill and submitted it to the marketplace, then promoted it through an Instagram advertisement. AIR says the skill was installed by roughly 26,000 agents, including some on corporate accounts. According to the firm, every security scanner it tested the skill against marked it as safe. AIR describes the skill’s behavior as intentionally harmless: it is designed to collect the user’s email address and otherwise does nothing. The exercise is presented as a demonstration of gaps in how security tools evaluate such marketplace submissions and the ability for benign or low-impact payloads to slip through scanning and distribution channels. The reports emphasize that the payload itself is not described as performing malicious actions beyond the email collection. The outlets do not provide additional details about the marketplace platform’s security processes beyond the claim that multiple scanners did not flag the submission.
Fake AI agent skill passes security scans, reaches about 26,000 agents
A security firm says it created a deliberately fake “AI agent skill” that passes automated checks in a popular marketplace and still reaches large numbers of users. The firm, AIR, reports that it pack...
- AIR says it built a fake AI agent skill and submitted it to a popular skill marketplace.
- The firm says the skill was also promoted via an Instagram ad.
- AIR reports the skill reached roughly 26,000 agents, including some on corporate accounts.
- AIR says multiple security scanners tested it and did not flag it as unsafe.
- AIR states the skill’s payload is harmless by design, collecting only the user’s email address.
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and promoted it with an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design, collecting only […] This story continues at The Next Web
19 hours agoSecurity firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user's email address and did nothing else. The point was to show
23 hours ago
Multiple Ford Mustang models listed online, including GT350R, GT500, Mach 1, and GT
A set of Ford Mustangs is being offered for sale online, spanning model years from 1986 to 2022 and multiple trims. List...
HackerNoon spotlights AI “wiring,” agent software costs, and infrastructure and UI workflows
In its June 12–20, 2026 editions, HackerNoon highlights how progress in AI and software development is increasingly shap...
TechRadar publishes daily Quordle hints and answers for multiple game dates
TechRadar publishes daily content offering hints and solutions for the Wordle-style game Quordle. Across multiple posts...