AI Agent · CertiK · CoinDesk
Gu revealed that CertiK discovered hundreds of malicious skills, fake installers
Compiled by KHAO Editorial — aggregated from 2 sources. See llms.txt for citation guidance.
✓ KHAO Verified
"The scam apps use natural language to influence behavior, making them totally resistant to traditional antivirus scans," Gu explained.
Key facts
- Charles Hoskinson, founder and CEO of Cardano’s Input Output, said that by 2035 they will become more relevant than humans on the internet
- In what Gu describes as a bizarre evolution of financial crime, CertiK's telemetry has observed an explosion of onchain, automated scams that run for only 10 minutes or a few hours before completely
- The fundamental flaw in the current AI agent boom is a mistaken trust model, according to Gu
- While corporations ambitiously market these tools as productivity miracles, the crude reality is that it can be a very, risky thing
Summary
Security firm CertiK warns that the rapid deployment of autonomous AI agents, often unisolated and unvetted, is creating a massive and dangerous “security debt” across networks and applications. By granting AI agents access to local files, credentials and financial tools, users are effectively creating powerful insider threats that can be hijacked through prompt-injection attacks and malicious plug-ins. CertiK’s research has uncovered widespread vulnerabilities and a surge in short-lived, automated on-chain scams targeting other AI systems, prompting calls for a shift to strict Zero Trust architectures for AI agent infrastructure. The global rush to deploy autonomous AI agents across the internet, enterprise networks and consumer applications is creating a catastrophic security debt, according to the chief of blockchain security auditor Certik. While corporations ambitiously market these tools as productivity miracles, the crude reality is that it can be a very, risky thing to do.