ADVERTISEMENT

Researchers hijack 26,000 AI agents using fake skill marketed on Instagram

AI skills are rapidly becoming the standard way to extend AI agents, but their popularity is also creating a new supply-chain risk that attackers can exploit through trusted marketplaces, researchers have shown.

AISkillsstoryGetty

Mateusz Slodkowski/SOPA Images via Getty Images

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Jun 25, 2026 Updated: 26 June 2026 3 min read
Key takeaways:

Skills usage increase beyond developers

SkillsMarketplaceInstagram
AI skills have found a marlet Instagram where users aren't necessarily a tech crowd. Image via AIR security

Scanner bypass

ADVERTISEMENT
“Current security scanners practically scan only a portion of the skill’s content, rendering the scan’s result irrelevant by design."
AIR security researchers
fakeskill image by air
Researchers created a fake design-orientated skill called brand-landingpage. Image by AIR security

Treat skills as software

Strong password generator

Upgrade the security of your online accounts.
Create strong passwords that are completely random and impossible to guess.
Generated unique password
Ad link_title
Convenient way to secure and use all your passwords. Now 72% OFF!
"Security teams have come to treat reputation signals as proxies for trust. This experiment demonstrates that none of them hold when the actual payload lives outside the package being reviewed.
Darren Guccione, CEO and co-founder of Keeper Security

ADVERTISEMENT