The Next Cyber Security Blind Spot? AI Agent Skills

Businesses are rapidly embracing AI tools to improve productivity, automate repetitive tasks and help staff work more efficiently. But as AI agents become more capable, a new security concern is beginning to emerge: the software "skills" and extensions that give these agents their power.

Recent security research has demonstrated just how significant this risk could become.

When "Safe" Isn't Safe

Researchers recently created a seemingly harmless AI agent skill and submitted it to a popular marketplace. The skill passed multiple security checks and approval processes without raising concerns. It was then installed by thousands of AI agents, including some operating within corporate environments.

The clever part of the attack wasn't hidden malware or sophisticated coding. Instead, the skill relied on external content hosted elsewhere. While the version reviewed by security scanners appeared benign, the external content could potentially be changed later without triggering a fresh security review.

In the researchers' demonstration, no malicious activity took place. However, the exercise highlighted a weakness that real attackers could potentially exploit.

Why AI Agent Skills Matter

Traditional software generally operates within defined boundaries. AI agent skills are different.

Many AI agents are granted access to company data, cloud platforms, file systems, email services and business applications so they can perform useful tasks on behalf of users. As a result, any extension or skill added to the agent may inherit significant permissions.

If a malicious skill were introduced, the potential impact could include:

• Accessing sensitive files
• Extracting credentials or API keys
• Reading confidential business information
• Sending data to external systems
• Performing actions within internal applications

The concern is not simply what the skill contains today, but what it could be instructed to do tomorrow.

A New Supply Chain Risk

Most businesses now understand the risks associated with software supply chains. We carefully evaluate software vendors, apply updates and monitor for vulnerabilities.

AI agent skills create a similar challenge.

Security researchers studying the AI agent ecosystem have already identified malicious skills, credential theft mechanisms, prompt injection techniques and other vulnerabilities within publicly available skill repositories.

The problem is compounded by the fact that many skills pull information from external sources during operation. This creates opportunities for attackers to influence agent behaviour indirectly, even after a skill has passed an initial review.

What Businesses Should Be Doing Now

Most organisations are still focused on AI productivity benefits rather than AI governance. That needs to change.

If your business is using AI agents, coding assistants or AI-powered automation tools, consider the following:

Maintain an inventory

Know which AI tools, agents and extensions are being used within the organisation.

Restrict installation rights

Not every employee should be able to install new skills, plugins or integrations without approval.

Apply the principle of least privilege

AI agents should only have access to the systems and data they genuinely require.

Review third-party skills

Treat AI skills and extensions with the same scrutiny as any other software deployment.

Include AI in your risk assessments

AI tools increasingly form part of your security and compliance landscape and should be considered accordingly.

The Bottom Line

The AI revolution is delivering genuine business benefits, but it is also creating entirely new attack surfaces.

What makes this latest research concerning is not that security scanners failed to identify malware. The issue is that there was no malware to find at the point of inspection. The risk emerged later through trusted connections to external content.

As organisations continue adopting AI agents and automation platforms, security teams will need to think beyond traditional software vulnerabilities and start considering how AI itself can become part of the supply chain risk.

The question is no longer whether your business will use AI.

The question is whether you have sufficient controls in place to prove that the AI tools you trust today will remain trustworthy tomorrow.