Vulnerability  ·  2026-07-10

ESET H1 2026 Threat Report: ~900,000 AI Agent Skills Scanned, Thousands Found Malicious

VulnerabilityMedium impactGlobal
ESET's H1 2026 Threat Report (published 2026-07-08, covered by Help Net Security and GBHackers) analyzed nearly 900,000 publicly listed AI agent skills between March and May 2026, finding that unique skills scanned grew from 60,000 to ~900,000, suspicious skills grew from ~10,000 to over 25,000, and outright malicious skills grew from ~600 to over 3,000 in that period.
AI agent 'skills' are an emerging, rapidly growing supply-chain attack surface: as organizations increasingly grant AI coding agents (Claude Code, Codex, etc.) the ability to browse, execute commands, and access files, a poisoned skill can silently introduce credential theft, backdoors, or malware into agent-integrated developer and enterprise environments, and static scanners are shown to be insufficient defense.
Malicious or suspicious AI agent 'skills' — small installable functional components used by AI agents — are published to public repositories with capabilities including command execution, file access, third-party tool downloading, credential loading, code injection, and obfuscation, allowing them to steal data, execute malware, or manipulate agent behavior once installed by a user or organization.
Publicly listed AI agent 'skills' across open repositories (Claude Code, Codex, and other AI-agent skill ecosystems)
ESET recommends behavioral/dynamic analysis (sandbox detonation) rather than static scanning alone, since malicious skills evade static scanners via obfuscation; treat AI agent skills as a supply-chain attack surface requiring vetting before installation.
Help Net Security — Thousands of malicious AI skills found capable of stealing data, running malware
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →