CertiK launches Skill Scanner to establish a standardized security audit layer for AI Agent applications.

项目动态
项目动态
CertiK has launched Skill Scanner, an AI Agent security scanning product hailed as the antivirus software of the AI ​​era. It verifies the risks of third-party skills before execution, accurately identifies five major hidden dangers such as malicious behavior and data leakage, and fills the gap in AI security.

As AI agents become increasingly integrated into financial systems, enterprise workflows, and daily digital interactions, the underlying security risks are gradually surfacing. On May 27, CertiK, the world's largest Web3 security company, officially launched "CertiK Skill Scanner," a skill security scanning product for the AI ​​agent ecosystem, hailed by the industry as "antivirus software for the AI ​​era."

It is understood that this product is mainly aimed at the AI ​​Skill market, enterprises and independent developers. It aims to establish a standardized security review mechanism for AI Skills before execution, in order to identify potential malicious behavior, data leakage, unauthorized access and autonomous execution risks in third-party AI Skills.

Filling the gap in AI security: Pre-execution security verification

Currently, AI agents are gradually acquiring the ability to read data, call external systems, execute code, and even initiate digital asset transactions. However, the industry still lacks a unified "pre-execution security verification" mechanism. Against the backdrop of the accelerated opening of the AI ​​application ecosystem and the rapid expansion of the plugin ecosystem, the trustworthiness of third-party skills is beginning to receive market attention.

CertiK co-founder and CEO Ronghui Gu pointed out that every major technological revolution creates a window of opportunity during which security is crucial to success or failure. "We saw this in the blockchain field, and now we are seeing this trend again in the AI ​​Agent field."

He stated that AI agents are gradually entering financial systems, enterprise workflows, and broader digital scenarios, and the secure verification of third-party skills will become an important component of AI infrastructure. The security system for the future AI era needs to possess "proactive defense" capabilities, rather than passively responding after risks occur.

Unlike traditional general-purpose AI scanning tools, CertiK Skill Scanner is designed not only for static code analysis but also to assess potential risks during actual execution. This is particularly crucial in scenarios involving fund transfers and financial transactions, as many risks only become apparent during the actual execution of the skill.

Five core risk categories and a precise scoring system

According to reports, CertiK Skill Scanner supports uploading AI Skills via GitHub repositories, URLs, or ZIP files, and detects five core risk categories:

  • Malicious Behavior Detection: Detects potentially destructive or hidden malicious operations.
  • Data breach risk assessment: covering scenarios where Skill silently transmits user information to external servers.
  • Unauthorized network activity: Capturing outbound connection behavior outside the scope of the Skill declaration.
  • Shell execution permission auditing: Detecting the risk of Skill attempting to run system-level commands
  • File system abuse detection: Preventing Skill from accessing files outside its permissions

CertiK stated that the system currently achieves a risk identification accuracy of 90.5%, effectively reducing false alarms and improving the reliability of AI Skill risk assessment. The scan results will generate a security score from 0 to 100, along with risk outcomes such as "Pass/Warn/Fail" and a tiered issue report.

Extensive cross-ecosystem applications and industry validation

CertiK Skill Scanner is applicable to both the Web3 ecosystem and the traditional Web2 market. Its target audience encompasses users of all AI skills.

  • AI Skill Marketplace: Can be directly integrated into the release process, automatically conducting security reviews before skills go live, and displaying CertiK's security assessment as a trust signal when users make their selections.
  • Enterprise users: This can be used as part of internal compliance and risk management workflows for evaluation before third-party AI skills are deployed to the production environment.
  • Independent developers: can use this tool for self-auditing before releasing the skill and proactively address security issues.
  • General public: CertiK plans to open up direct access in future product updates, allowing individual users to scan Skills before installation or use.

Currently, this product has been initially applied to some Web3 AI Agent ecosystems. Pieverse has integrated CertiK Skill Scanner into its AI Agent Skill Store as a security audit mechanism before Skills are deployed and invoked. Pieverse CEO Colin stated, "The Agent ecosystem can only achieve scalable growth when users and builders trust the Skills executed by the Agent."

Furthermore, CertiK is also advancing collaborations with more AI Skill platforms such as FinChip.ai. Gary Yang, an incubator investor at FinChip.ai, stated, "Trust is the most crucial prerequisite for any 'Skill Economy' to achieve scalable operation. The Skill security verification mechanism that CertiK is advancing is precisely the important infrastructure currently lacking in this ecosystem, and it also makes FinChip's vision for the ownership and distribution of programmable Skills more realistic."

Extending Security Infrastructure: From Web3 to AI

Founded in 2017, CertiK is currently the world's largest Web3 security company. It serves over 5,000 enterprise clients, including Binance and Ant Group. Now, this organization, with its deep expertise in blockchain infrastructure assessment, code auditing, and compliance, is further expanding its security experience into the AI ​​field, providing underlying security support for the rapidly evolving AI Agent ecosystem.

The launch of Skill Scanner is seen as a significant step by CertiK to further expand its AI security footprint, following the release of AI Auditor in April. Industry insiders believe that as AI agents increasingly possess capabilities for code execution, system calls, and asset manipulation, the core issues of AI security are shifting from the model itself to "execution-level security" and "third-party skill trustworthiness." This next-generation security infrastructure, including CertiK Skill Scanner, is likely to become an indispensable part of the AI ​​agent ecosystem's journey towards large-scale application.

Share to:

Author: 项目动态

Opinions belong to the column author and do not represent PANews.

This content is not investment advice.

Image source: 项目动态. If there is any infringement, please contact the author for removal.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
项目动态

项目动态

Stricter regulations and global capital migration go hand in hand; MEXC opens up a dual channel for US stocks: spot and futures trading.
项目动态

项目动态

Competition for AI upper-layer applications is fierce; Gensyn has spent five years deeply cultivating the underlying power grid.
项目动态

项目动态

From $100 to $350: MSX's initial Cerebras listing successfully exits, and on-chain RWA completes a historic closed loop.
项目动态

项目动态

ZK-powered Bitcoin privacy solution officially launched on Starknet.
项目动态

项目动态

Ourbit SuperCEX 2nd Anniversary Celebration | The Era of "Trade Everything" Officially Begins
项目动态

项目动态1 authors

Bitget's second IPO Prime fund, OpenAI, will open for subscription on May 12.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe
PANews App
24/7 blockchain news tracking and in-depth analysis.
Download PANews App
App StoreGoogle Play
PANews APP
In the past 24 hours, a total of $314 million in contract liquidations occurred across the entire network, primarily involving long positions.
PANews Newsflash