Post by Mitiga

Over six months, Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ public repositories. Here's the tip of the iceberg. It's a live technique that turns an AI agent into the implant. A malicious instruction file tells the agent to capture the developer's prompts and quietly ship them to an operator's endpoint. The file is the malware, and the agent is the courier. We'll have the full breakdown in a report coming soon. Skillgate detects the class today. Alongside it: attacker-controlled `ANTHROPIC_BASE_URL` overrides routing Claude traffic through a proxy that can read or rewrite every conversation, plus 1,230+ API keys and tokens were left hardcoded across agent and MCP configs. Attackers have moved on from targeting developers. It's the AI agent working on their behalf — and it follows files almost no one reviews. The research, with detections and fixes: https://loom.ly/dowQvIg via Idan Cohen Scan your own files, free: skillgate.mitiga.ai.