Blockchain and AI security firm Certik, on May 27, unveiled a new security platform designed to evaluate risks in third-party artificial intelligence (AI) skills. Dubbed the “anti-virus for AI agents,” the release comes amid growing industry concern over the security of AI skill marketplaces.
Security researchers have warned that many of these skills are unvetted, can execute system-level actions and may contain hidden malicious behavior, creating a new software supply chain risk for the AI era. Security audits across the sector have identified risks ranging from credential harvesting and data exfiltration to fund-transfer manipulation and prompt-based override attacks.
Despite these concerns, AI skill marketplaces have expanded rapidly as agent ecosystems mature. However, unlike traditional app stores, most skills are sourced from public repositories with little or no review. Analysts say this creates opportunities for attackers to embed harmful instructions, trigger unauthorized data access or manipulate autonomous execution flows.
In a recent blog post, Certik said its skill scanner platform is designed specifically to evaluate risks that emerge during execution, including scenarios involving financial transactions or fund calls. The scanner produces a numerical score from 0 to 100, along with “pass,” “warn” or “fail” verdicts and categorized findings. According to the company, the system achieves up to 90.5% precision in identifying security risks.
“As AI agents become more deeply integrated into financial systems, enterprise workflows and everyday digital interactions, the security model around third-party skills becomes critically important,” said Ronghui Gu, Certik’s CEO and co-founder. “CertiK Skill Scanner was built to establish a standardized trust layer before execution, helping users and platforms identify hidden risks before sensitive data, assets or systems are exposed.”
Certik said AI skill marketplaces can integrate the scanner directly into publishing pipelines, automatically reviewing skills before they go live and displaying security verdicts to users. Enterprises can deploy the tool as part of internal compliance and risk-management workflows, while independent developers can use it to self-audit skills before publishing.
The company said future updates will allow everyday users to scan skills themselves before installation. The scanner has already been deployed in select Web3 AI agent infrastructure environments. Certik is also expanding integrations with additional platforms, including Finchip.ai.
“Trust is the prerequisite for any skill economy to function at scale,” said Gary Yang, incubation investor at Finchip.ai. “CertiK’s work on skill security verification is exactly what this ecosystem needs. It’s what makes Finchip’s mission of programmable skill ownership and distribution worth building.”
The launch follows Certik’s expansion into AI-focused security infrastructure. Earlier this year, the company introduced its AI Auditor initiative to address risks tied to autonomous systems and AI-driven execution environments.
“AI applications are moving toward increasingly autonomous execution, which creates a new category of security and trust challenges,” Gu said. “We believe security infrastructure for the AI era must function proactively, not reactively.”