15% of AI agent skill files carry hardcoded credentials with DB write access (securityboulevard.com)

A recent analysis conducted by Capsule Security revealed alarming security flaws in AI agents, with 15% of their skill files containing hardcoded credentials that allow database write access. The study examined over 206,000 agent skill files and highlighted the lack of authentication mechanisms and guardrails to prevent prompt injection attacks, raising concerns about the security gap between AI reasoning and system execution. With nearly 403,000 unique hosts exposed online, these vulnerabilities signify a broader issue where AI workloads possess six times the supply chain attack surface compared to other software types, largely due to their dependency on Python—an inherently vulnerable language. The report underscores an urgent need for better security practices as many users are willing to accept these risks for the productivity benefits AI agents offer. As cybersecurity teams race to safeguard these AI systems, they may need to adopt AI agents themselves to fully understand their operation and vulnerabilities. With the current landscape presenting inevitable risks of cyberattacks, it is critical for organizations to shift focus towards incident response strategies, as the potential for exploitation in unsecured AI environments appears increasingly likely.