Certik Unveils ‘Anti-Virus for AI Agents’ as Skill Marketplaces Face Hidden Threats
Key Takeaways
Certik launched a security platform to provide an “anti-virus” layer for agent ecosystems.Sector audits reveal high risks, but CertiK aims to protect marketplaces with 90.5% scanning precision.Finchip.ai is among platforms expanding integrations ahead of future consumer-facing scan updates.
The Security Challenge
Blockchain and AI security firm Certik, on May 27, unveiled a new security platform designed to evaluate risks in third-party artificial intelligence (AI) skills. Dubbed the “anti-virus for AI agents,” the release comes amid growing industry concern over the security of AI skill marketplaces.
Security researchers have warned that many of these skills are unvetted, can execute system-level actions and may contain hidden malicious behavior, creating a new software supply chain risk for the AI era. Security audits across the sector have identified risks ranging from credential harvesting and data exfiltration to fund-transfer manipulation and prompt-based override attacks.
Despite these concerns, AI skill marketplaces have expanded rapidly as agent ecosystems mature. However, unlike traditional app stores, most skills are sourced from public repositories with little or no review. Analysts say this creates opportunities for attackers to embed harmful instructions, trigger unauthorized data access or manipulate autonomous execution flows.
In a recent blog post, Certik said its skill scanner platform is designed specifically to evaluate risks that emerge during execution, including scenarios involving financial transactions or fund calls. The scanner produces a numerical score from 0 to 100, along with “pass,” “warn” or “fail” verdicts and categorized findings. According to the company, the system achieves up to 90.5% precision in identifying security risks.
“As AI agents become more deeply integrated into financial systems, enterprise workflows and everyday digital interactions, the security model around third-party skills becomes critically important,” said Ronghui Gu, Certik’s CEO and co-founder. “CertiK Skill Scanner was built to establish a standardized trust layer before execution, helping users and platforms identify hidden risks before sensitive data, assets or systems are exposed.”
Certik said AI skill marketplaces can integrate the scanner directly into publishing pipelines, automatically reviewing skills before they go live and displaying security verdicts to users. Enterprises can deploy the tool as part of internal compliance and risk-management workflows, while independent developers can use it to self-audit skills before publishing.
The company said future updates will allow everyday users to scan skills themselves before installation. The scanner has already been deployed in select Web3 AI agent infrastructure environments. Certik is also expanding integrations with additional platforms, including Finchip.ai.
“Trust is the prerequisite for any skill economy to function at scale,” said Gary Yang, incubation investor at Finchip.ai. “CertiK’s work on skill security verification is exactly what this ecosystem needs. It’s what makes Finchip’s mission of programmable skill ownership and distribution worth building.”
The launch follows Certik’s expansion into AI-focused security infrastructure. Earlier this year, the company introduced its AI Auditor initiative to address risks tied to autonomous systems and AI-driven execution environments.
“AI applications are moving toward increasingly autonomous execution, which creates a new category of security and trust challenges,” Gu said. “We believe security infrastructure for the AI era must function proactively, not reactively.”
