Certik, a blockchain security firm, rolled out a new platform on May 27 that it calls an 'anti-virus for AI agents.' The tool is designed to catch risks lurking inside third-party AI skills — the plug-in-like add-ons that extend what an AI agent can do.
Why the platform was built
The company says the rise of open marketplaces where developers upload and sell AI skills has created a security blind spot. Anyone can publish a skill. Few users check what the code actually does. Certik's platform aims to scan those skills before they're deployed, flagging anything from data leaks to hidden backdoors.
What it scans for
The platform evaluates the behavior of third-party AI code against a set of risk criteria. That includes what data the skill accesses, whether it communicates with external servers, and whether its actions match its advertised purpose. Certik likens the process to how traditional antivirus software inspects files for malware — only here the target is the logic and permissions of an AI agent skill.
The problem it solves
Unvetted third-party AI skills are a growing headache for companies building agent-based systems. A skill that looks harmless — say, a calendar organizer — could exfiltrate emails or inject malicious prompts. Certik's platform doesn't just flag issues; it provides a risk score so developers can decide whether to trust the skill or block it.
Certik hasn't said which AI agent platforms or marketplaces the tool supports first. That detail is still missing. The company also hasn't released pricing or a public demo. But the product launch signals that the security industry is starting to treat AI agents as a distinct attack surface — one that needs its own kind of protection.
