A fresh look at the AI skills ecosystem shows autonomous tooling quietly opening an attack surface most security stacks never see. Across 52,755 skills examined, 2.1% should be blocked outright from an organization, and more than a third of those flagged behave like malware — running suspicious, malware-like actions without ever calling out to known bad actors, which is exactly what lets them slip past conventional detection. It matters because AI skills reach sensitive data and execute actions on their own, yet they're rarely vetted the way traditional software is. As adoption outpaces security, every unmonitored skill becomes a fast-growing, hidden point of entry.
Top 5 signals by distinct SHA256:
Plus emerging risks: Prompt Injection (446), Defense Evasion (407), and Supply Chain exposure (225).
These "tools" behave like embedded, autonomous malware.
AI skills:
AI adoption is outpacing AI security. If you're not monitoring AI skills, you're missing a fast-growing attack surface. Discovering embedded skills is hard — that's why we built UnifAI. UnifAI scans every skill used by your developers and agents and blocks the malicious and suspicious ones. Do you?
