Deepfake Detection, AI Supply Chain Attacks, and the Agent Skill Threat
As AI capabilities expand, new threat categories are emerging that go beyond traditional adversarial ML and prompt injection. Deepfake-as-a-service is making synthetic media accessible to any attacker, while supply chain attacks targeting AI agent skills represent a fundamentally new attack vector. This guide covers these emerging threats and the defensive tools available.
Deepfake-as-a-Service
The democratization of generative AI has led to a dangerous trend: Deepfake-as-a-Service (DaaS). According to Cyble’s research, DaaS platforms surged in 2025, enabling anyone to create convincing synthetic media without technical expertise.
The Threat Landscape
| Deepfake Type | Primary Risk | Detection Challenge |
|---|---|---|
| Video | Executive impersonation, political manipulation | High-quality fakes bypass visual inspection |
| Audio | Voice phishing, social engineering | AI voices indistinguishable from real ones |
| Image | Identity fraud, KYC bypass | Generative quality exceeds detection capability |
| Text | Misinformation, credential phishing | Near-impossible to distinguish from human-written |
Deepfake Detection Tools
Open-Source Detection
- CloudSEK — Offers real-time monitoring with top accuracy for synthetic media verification
- Resemble AI — Specialized in audio deepfake detection, covering voice cloning and synthetic speech
- SOCRadar — Provides comprehensive deepfake detection across multiple media types
Enterprise Solutions
Major platforms are integrating deepfake detection:
- CrowdStrike: Real-time deepfake detection in communication platforms
- Palo Alto Networks: Network-level synthetic media filtering
- SentinelOne: Endpoint-level deepfake protection
The Arms Race Problem
Deepfake detection is a perpetual arms race:
- Detection methods improve → generators adapt → detection must evolve
- Watermarking approaches face “robustness” challenges — watermarks can be removed
- The best detectors today may fail against tomorrow’s generators
- Defense-in-depth (technical + procedural + training) is essential
Content Authenticity and Provenance
Beyond detection, the industry is moving toward provenance-based approaches:
C2PA Standard
The Coalition for Content Provenance and Authenticity (C2PA) provides a technical standard for certifying the source and history of media content:
- Content Credentials: Cryptographic metadata attached to media files
- Chain of provenance: Track every edit and transformation
- Issuer verification: Cryptographic verification of content creators
AI-Generated Content Marking
- Visible markers: Watermarks or labels indicating AI-generated content
- Invisible markers: Embedding signals in AI-generated content that are detectable but not visible
- Metadata standards: Standardized metadata for AI-generated content
The CLI-Anything Attack: Agent Skill Supply Chain
One of the most concerning new attack vectors is CLI-Anything — a technique that turns any open-source repository into an AI agent backdoor with a single command.
How It Works
- An attacker identifies a popular open-source repository
- Using CLI-Anything, they generate a
SKILL.mdfile from the repository - The SKILL.md file contains instructions that AI agents trust and execute
- When an agent loads the skill, it follows the malicious instructions
The Scale of the Problem
Snyk’s research revealed alarming statistics:
- 13.4% of agent skills contain critical security issues
- No traditional SAST or SCA scanner detects malicious instructions in skill files
- Skills are typically installed and trusted without security review
- The attack requires no code changes to the target repository
Why This Matters
AI coding assistants (Claude Code, Cursor, Copilot) increasingly use skills to extend their capabilities. When a skill is installed:
- The agent reads and follows instructions in the skill file
- These instructions can include data exfiltration, code injection, or privilege escalation
- The trust model assumes skills are benign — there is no sandboxing
Defensive Measures
1. Use Snyk agent-scan to scan all skills before installation2. Use the Snyk Skill Inspector for quick pre-installation checks3. Review SKILL.md files manually for unexpected instructions4. Run agents in sandboxed environments (leash, vibekit)5. Monitor agent behavior for anomalous actions6. Implement skill allowlisting in your organizationGitHub’s Hack the AI Agent
Hack the AI Agent is a free, open-source educational game from GitHub Security Lab that teaches developers to find and exploit real-world agentic AI vulnerabilities through five progressive challenges:
- Over 10,000 developers have used it to sharpen their security skills
- Covers prompt injection, tool misuse, data exfiltration, and privilege escalation
- Progressive difficulty from beginner to advanced
- Based on real-world vulnerability patterns
Building Resilience Against Emerging Threats
Layer 1: Content Integrity
• Implement C2PA content credentials for organizational media• Deploy deepfake detection for voice and video communication• Train staff on deepfake social engineering tacticsLayer 2: Supply Chain Security
• Scan all agent skills with Snyk agent-scan• Validate MCP server configurations with MCP-Scan• Maintain a curated allowlist of trusted skills and serversLayer 3: Runtime Protection
• Run agents in sandboxed environments• Monitor agent behavior for anomalous actions• Implement egress filtering to prevent data exfiltrationLayer 4: Education
• Use Hack the AI Agent for developer security training• Conduct regular deepfake awareness exercises• Practice incident response for AI-specific security eventsKey Takeaways
- Deepfake-as-a-Service has made synthetic media creation accessible to any attacker, requiring organizations to implement detection and provenance verification
- The CLI-Anything attack reveals that 13.4% of agent skills contain critical security issues — a supply chain risk unique to AI agents
- Traditional security scanners do not detect malicious instructions in agent skill files
- Content authenticity standards (C2PA) provide a defense against deepfakes that complements detection
- GitHub’s Hack the AI Agent is an excellent resource for training developers on agentic AI security
- Organizations need a four-layer defense: content integrity, supply chain security, runtime protection, and education