Cloud Security Office Hours

Friday, May 22, 2026 - Meeting Recap

AI's impact on cybersecurity, Microsoft Red Sun zero-day, HSBC password controversy

- Securing AI agent skills: scanning, approval workflows, and Snyk's 36%

Quick recap. The session dug into a hard, current problem: how to secure and scan the skills that power generative-AI agents. Neil laid out three code-scanning approaches - CI/CD integration, external secret scanners like GitGuardian, and secured GitHub runners - but the group agreed skill scanning is largely unsolved: a Snyk study found 36% of AI agent skills contained prompt-injection or malware issues. Discussion centered on approval workflows for custom skills, the limits of user education, and what LLM providers would need to offer for real controls.

Tags: 2026-05, AI, Supply Chain, Governance, Vulnerabilities

Scanning code, and why AI skills break the model

Neil outlined three approaches to scanning code repositories: integrating security scanning into CI/CD pipelines such as GitHub Actions, using external services like GitGuardian for secret scanning, and running secured GitHub runners with built-in telemetry. Juninho noted that AI agent skills resist this: they are text-based and can reference one another, which makes comprehensive scanning hard, and effective coverage would require real collaboration from LLM providers like Anthropic.

The scale of the problem

Stryker raised the core question of how to secure the skills used in generative-AI agents, citing a Snyk study that found 36% of AI agent skills contained security issues including prompt-injection vulnerabilities. The group compared the situation to open-source libraries and to serverless functions: traditional malware scanners are ineffective against plain-language threats, and there is no reliable system today for detecting malicious skills in a marketplace.

Approval workflows for custom skills

With open agents often banned but skills still permitted, organizations are leaning on approval processes. Juninho described a review workflow for submitting and sharing skills internally, and the group discussed treating skill requests like open-source library requests. A recurring gap: platforms currently lack an administrator control to restrict agents to official-marketplace skills only, though a provider compliance API could improve visibility into agent interactions for auditing and blocking.

User education and its limits

Paul argued that skill-scanning technology is not mature enough to lean on, so protecting end users - who are vulnerable to social engineering - matters more. Neil suggested teaching users to recognize patterns and rely on reputation signals, similar to how developers judge npm packages. The group agreed the messaging has to be balanced and that education alone is insufficient against increasingly sophisticated threats.
