At a glance: Malware for AI-coding agents can evade static scanners by over 90 percent through simple packing techniques, but requires complementary runtime checks for detection.
Researchers from Hong Kong University of Science and Technology demonstrate that security scanners for malicious plugin skills of AI-coding agents can be reliably deceived through simple techniques. The most powerful method evades over 90 percent of tested scanners.
The study from Hong Kong University of Science and Technology documents the weaknesses of common static scanners in detecting malicious skills – these are extensions and functions for AI-coding agents such as code generators. These skills can be manipulated by attackers so that the malware remains functional while detection mechanisms completely fail.
The research group has documented the most effective evasion technique under the designation SkillCloak. This method consists of self-extracting packing procedures and minimal code changes that reliably fool static scanning (the analysis of code without execution). In tests, this variant evaded more than 90 percent of evaluated scanners while maintaining full malware functionality.
In parallel to this vulnerability analysis, the researchers also developed a runtime checker – a detection system that operates at runtime (during execution) and can identify most of these evasion attempts. This approach offers a starting point for more robust defense mechanisms, as runtime-based methods analyze the actual execution and behavior of code rather than merely examining its static structure.
For CISOs, this is a signal that exclusive reliance on static security scanners for AI-agent ecosystems is insufficient. A layered defense strategy with both preventive and behavior-based control mechanisms becomes necessary to protect against these techniques.
Source: thehackernews.com · Published July 6, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.