🛡 Attacking AI Agents via Skill Substitution
Researchers from AIR have discovered a way to attack AI agents through the substitution of "skills." Attackers deployed a landing page creation tool that passed security checks by Cisco and Nvidia, subsequently redirecting 26,000 users to a malicious script.
🌍 "Mutable payload" attacks prove that static skill analysis is ineffective. Agent skills must be treated as executable dependencies that require runtime monitoring.
👤 AI tools should not be trusted solely based on security checks or GitHub popularity. Verification at installation does not guarantee security if the tool loads instructions from external sources.
