Cisco finds 26% of agent skills vulnerable to misuse, warning of heightened security risk

- Cisco researchers said 26% of 31,000 AI agent “skills” they analyzed contained at least one vulnerability, adding to the company’s warning that enterprises are moving faster on agents than on controls.
- Cisco’s March survey of major enterprise customers found 85% were experimenting with AI agents, but only 5% had put them into broad production as security teams worried about access, data leaks, and autonomy.
- New surveys and attack research show the risk is spreading beyond pilots, with unknown agents and real incidents already showing up in enterprise environments. (cloudsecurityalliance.org)

AI agents are starting to look like software employees, and Cisco says many of the tools they use are insecure. (cisco.com) Cisco researchers said 26% of 31,000 agent “skills” they analyzed contained at least one vulnerability. Skills are add-ons that give an agent new actions, like reading files, sending messages, or running scripts. (cisco.com)

That matters because an agent does more than answer a question. Cisco said agents can be given high-level privileges, and a bad or misconfigured skill can turn that access into harmful actions on a device or inside a company system. (cisco.com 1) (cisco.com 2)

Cisco has been making the same point in its broader enterprise push this year. On March 23, 2026, the company said 85% of surveyed major enterprise customers were experimenting with AI agents, but only 5% had moved them into broad production. (cisco.com 1) (cisco.com 2) In that survey, Cisco said nearly 60% of security leaders viewed security concerns as the main barrier to wider agent adoption. The top worries were agent access control, data exfiltration, and agent autonomy and behavior. (cisco.com)

Outside Cisco, the Cloud Security Alliance reported on April 21, 2026, that 82% of enterprises had unknown AI agents in their environments and 65% had experienced an AI agent-related incident in the previous 12 months. The group said data exposure was reported by 61% of respondents and operational disruption by 43%. (cloudsecurityalliance.org 1) (cloudsecurityalliance.org 2) Another CSA-linked survey report released April 15, 2026, found 47% of organizations reported a security incident involving an AI agent, while 58% said detection and response took five hours or longer. It also found 53% said agents exceeded intended permissions at least occasionally. (cloudsecurityalliance.org)

Security firms are also testing what happens when agents go on offense. Palo Alto Networks’ Unit 42 said in 2025 that it simulated a ransomware attack from initial compromise to data exfiltration in 25 minutes using AI throughout the attack chain. (paloaltonetworks.com) On April 23, 2026, Unit 42 published a cloud attack proof of concept showing a multi-agent system moving through a misconfigured Google Cloud environment. The researchers said the agents did not invent new weaknesses, but they accelerated exploitation of existing misconfigurations. (unit42.paloaltonetworks.com)

Cisco’s answer has been to push agent discovery, identity controls, runtime guardrails, and supply-chain scanning for agent tools. The company said at RSA Conference 2026 that it was expanding AI Defense and introducing an open-source secure agent framework called DefenseClaw. (cisco.com)

The thread running through all of these reports is simple: the risk is no longer just the model. It is the permissions, plug-ins, and machine-speed actions wrapped around it. (cisco.com) (cloudsecurityalliance.org)
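To make the "skills and permissions" point concrete, the following is an added example and is not code from Cisco, the Cloud Security Alliance, or any product named above. It sketches two of the controls the article mentions in the abstract: a static manifest check of the kind a supply-chain scan of skills would run before installation (flagging a skill that asks for more capabilities than its stated purpose needs), and a runtime guardrail that refuses any call a skill makes outside its declared capabilities, outside what the operator granted the agent, or outside a path allowlist. The skill categories, capability names, manifests and paths are all constructed for the example.

```python
"""Constructed example: least-privilege gating for agent "skills".

Not Cisco's or CSA's code. Skill categories, capability names, manifests
and paths below are assumptions made up for this demonstration.
"""
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Capabilities a skill may request (hypothetical vocabulary).
CAPABILITIES = {"read_file", "send_message", "run_script"}

# Hypothetical mapping from a skill's declared purpose to the capabilities
# that purpose legitimately needs. A skill asking for more is over-privileged.
CATEGORY_NEEDS = {
    "file_reader": {"read_file"},
    "notifier": {"send_message"},
    "automation": {"run_script", "read_file"},
}


@dataclass(frozen=True)
class SkillManifest:
    name: str
    category: str
    capabilities: frozenset
    allowed_paths: tuple = ()  # path prefixes a read_file skill may touch


def lint_manifest(m: SkillManifest) -> list:
    """Static checks run before a skill is installed (supply-chain scan)."""
    findings = []
    unknown = m.capabilities - CAPABILITIES
    if unknown:
        findings.append(f"{m.name}: unknown capabilities {sorted(unknown)}")
    needed = CATEGORY_NEEDS.get(m.category)
    if needed is None:
        findings.append(f"{m.name}: unknown category {m.category!r}")
    else:
        excess = m.capabilities - needed
        if excess:
            findings.append(
                f"{m.name}: over-privileged, requests {sorted(excess)} "
                f"beyond {m.category} needs"
            )
    if "read_file" in m.capabilities and not m.allowed_paths:
        findings.append(f"{m.name}: read_file declared without a path allowlist")
    return findings


def _path_allowed(path: str, prefixes) -> bool:
    """Absolute path, no '..' segments, and under one of the allowed prefixes."""
    p = PurePosixPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False
    return any(p.is_relative_to(prefix) for prefix in prefixes)


@dataclass
class AgentRuntime:
    granted: frozenset            # capabilities the operator granted this agent
    skills: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def install(self, m: SkillManifest) -> bool:
        """Refuse installation if the static lint finds anything."""
        findings = lint_manifest(m)
        if findings:
            self.audit.extend(findings)
            return False
        self.skills[m.name] = m
        return True

    def invoke(self, skill: str, capability: str, arg: str) -> tuple:
        """Runtime guardrail: every call is checked against skill and agent scope."""
        m = self.skills.get(skill)
        if m is None:
            return False, f"denied: skill {skill!r} not installed"
        if capability not in m.capabilities:
            return False, f"denied: {skill} did not declare {capability}"
        if capability not in self.granted:
            return False, f"denied: agent not granted {capability}"
        if capability == "read_file" and not _path_allowed(arg, m.allowed_paths):
            return False, f"denied: {arg} outside allowlist for {skill}"
        self.audit.append(f"{skill}:{capability}:{arg}")
        return True, f"ok: {capability}({arg})"


def demo():
    """Install a well-scoped and an over-privileged skill, then exercise the gate."""
    rt = AgentRuntime(granted=frozenset({"read_file", "send_message"}))
    good = SkillManifest("doc_reader", "file_reader",
                         frozenset({"read_file"}), ("/srv/docs",))
    bad = SkillManifest("doc_reader_plus", "file_reader",
                        frozenset({"read_file", "run_script"}), ("/srv/docs",))
    installed = {s.name: rt.install(s) for s in (good, bad)}
    results = {
        "in_scope": rt.invoke("doc_reader", "read_file", "/srv/docs/readme.txt")[0],
        "traversal": rt.invoke("doc_reader", "read_file", "/srv/docs/../../etc/passwd")[0],
        "undeclared": rt.invoke("doc_reader", "send_message", "hi")[0],
        "not_installed": rt.invoke("doc_reader_plus", "run_script", "id")[0],
    }
    return installed, results, rt.audit


if __name__ == "__main__":
    print(demo())
```

The two layers are deliberately independent: the lint catches a skill whose manifest asks for more than its purpose justifies before it ever runs, while the runtime check catches a correctly declared skill being driven outside its scope (a traversal path, an undeclared capability, or a capability the operator never granted the agent).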

Shared from Scout.