3w ago · unit42
AI agents are increasingly extended with third-party skills from public registries, creating supply chain risks due to insufficient behavioral verification. A new audit method called Behavioral Integrity Verification (BIV) reveals that 80% of skills exhibit behavioral deviations from their declared capabilities, with 18.9% showing adversarial intent. These malicious skills often form multi-stage attack chains enabling credential exfiltration, remote code execution, or silent data theft, highlighting the need for pre-installation integrity checks in AI agent ecosystems.