公式動画ピックアップ

AAPL   ADBE   ADSK   AIG   AMGN   AMZN   BABA   BAC   BL   BOX   C   CHGG   CLDR   COKE   COUP   CRM   CROX   DDOG   DELL   DIS   DOCU   DOMO   ESTC   F   FIVN   GILD   GRUB   GS   GSK   H   HD   HON   HPE   HSBC   IBM   INST   INTC   INTU   IRBT   JCOM   JNJ   JPM   LLY   LMT   M   MA   MCD   MDB   MGM   MMM   MSFT   MSI   NCR   NEM   NEWR   NFLX   NKE   NOW   NTNX   NVDA   NYT   OKTA   ORCL   PD   PG   PLAN   PS   RHT   RNG   SAP   SBUX   SHOP   SMAR   SPLK   SQ   TDOC   TEAM   TSLA   TWOU   TWTR   TXN   UA   UAL   UL   UTX   V   VEEV   VZ   WDAY   WFC   WK   WMT   WORK   YELP   ZEN   ZM   ZS   ZUO  

  公式動画&関連する動画 [Pop Goes the Stack | Agent Skills: The new AI supply chain risk (and fixes) | AI]

Agent skills were introduced less than six months ago, and they’ve already graduated from “handy configuration” to “supply chain artifact.” In this episode of #F5's Pop Goes the Stack, Lori MacVittie talks with security expert Peter Scheffler about why skills, often packaged as YAML, are becoming portable, shareable, and dynamically loadable in ways that attract attackers fast, including skill poisoning and repository-based compromise. The fact that there’s already an OWASP Top 10 focused specifically on agentic skills tells you how quickly this risk surface is forming. Peter breaks down what “skills” really are: anything from a narrow tool instruction to a broad workflow like “prepare for a podcast.” Skills can be created by humans, generated by agents, and even expanded by tools that add more skills, which creates a compounding trust problem. Once skills can be modified, composed, and distributed, you need provenance, signatures, hashing, and an approval process, but simply copying the traditional package ecosystem isn’t a silver bullet because supply chain compromise is already a reality. The conversation pivots to what actually helps: least agency. Define what actions an agent is allowed to take, and constrain execution at multiple layers, not just in a system prompt. System prompts are guidance, not enforcement, and relying on them alone is asking to get burned. Then assume unintended action, treat all external content as untrusted input, and focus on stopping unsafe actions at the boundary rather than trying to prevent the agent from ever attempting them. Finally, Peter stresses observability. If agents can make their own calls, you must log agent-to-agent interactions, tool usage, and skill loading, because you’ll need forensic data when something goes wrong. For enterprises, the practical starting point is clear: follow emerging frameworks (OWASP, NIST), standardize which agents and skills are allowed, store approved skills in a controlled registry, enforce authentication and authorization to access them, and be ready to collect a lot more telemetry than you’re used to. Chapters: 00:00 Welcome to Pop Goes the Stack 00:26 Agent skills are now supply-chain artifacts (not “just YAML”) 02:36 What an agent “skill” really is: From tools to full workflows 04:10 The scary part: Agents can write and add skills themselves 05:16 DLL hell déjà vu: Dynamic loading + portability = new risk 06:08 What’s needed: Signed, hashed provenance + manifests 07:43 “Packages for skills” (and why that still isn’t fully safe) 09:44 Least Agency: Restrict actions (read/analyze/draft vs execute) 13:01 Which is more secure? On prem or cloud? 15:20 Boundaries must live above skills (not only system prompts) 18:10 Observability is mandatory: Log agent-to-agent actions 19:31 Key takeaways: Frameworks, logging, assume action unintended, least agency Learn how you can stay ahead of the curve and keep your stack whole with additional insights on app security, multicloud, #AI, and emerging tech: https://go.f5.net/82zkjk7a More about F5: https://go.f5.net/37u0w0pv Read our blog: https://go.f5.net/r3oi5pty Follow us on LinkedIn: https://go.f5.net/08jobxvp
 59      1