Gen and Vercel to Verify AI Skills for Safety

- Gen's Agent Trust Hub will assign one of four risk classifications to each skill: Safe, Low Risk, High Risk, or Critical Risk. This analysis is powered by Gen Threat Labs, which uses advanced risk modeling to detect security weaknesses, unsafe permissions, and potential malicious intent. - The collaboration integrates security verification directly into Vercel's skills.sh, a registry that functions like a package manager (such as npm) for AI agent capabilities. This platform serves over 6 million developers worldwide. - This partnership addresses the growing risk of malicious AI skills, as agents become more autonomous and can access APIs, browse the web, and handle sensitive data without direct user oversight. Previously, skill safety often relied on limited metadata or community reputation. - The open directory model of registries like skills.sh allows anyone to publish skills, creating potential vulnerabilities similar to those found in open-source software package registries. Key threats to AI agents include prompt injection, data leakage, and the use of compromised API keys. - Gen, the company behind consumer cybersecurity brands like Norton, Avast, and LifeLock, serves nearly 500 million users and is leveraging its expertise in threat detection for this AI initiative. The company's Chief AI & Innovation Officer is Howie Xu. - Vercel's Chief of Software, Andrew Qu, stated the goal is to enhance transparency as AI capabilities grow, allowing developers to build quickly while having confidence in the security of the tools they use. - Skills on skills.sh are essentially markdown files that provide procedural knowledge and best practices to AI agents, telling them how to perform specific, standardized tasks. This helps align an AI's output with a specific team's or company's standards.