AGENTS.md files help Codex and similar AI tools understand project-specific instructions, coding conventions, and organizational structures. They can reside anywhere within a Codex container, providing valuable context to AI agents. Like other project configuration files, these instructions are treated as trusted context by the agent. This trust model is by design, but it creates an interesting attack surface when a malicious dependency is able to write or modify these files at build time.
Mitigating Indirect AGENTS.md Injection Attacks in Agentic Environments | NVIDIA Technical BlogThis attack path highlights important considerations for the future of agent-assisted development. Extended supply chain risk: Traditional supply chain attacks focus on injecting malicious code directly. In agentic environments, a compromised dependency can also redirect the agent itself, extending familiar supply chain risks into a new dimension, such as injecting subtle delays that cause performance degradation or denial-of-service scenarios. Instruction following under adversarial conditions: When the agent followed injected configuration directives, including instructions to conceal its
Mitigating Indirect AGENTS.md Injection Attacks in Agentic Environments | NVIDIA Technical BlogNVIDIA agent skills are portable instruction sets that teach AI agents how to use NVIDIA CUDA-X libraries, AI Blueprints, and platform tools correctly. NVIDIA-verified skills published in the NVIDIA/skills GitHub repo are: Cataloged and synced daily from the NVIDIA product team that owns it Scanned for software and agent-native risks before publication Signed with a detached skill.oms.sig that can be verified post-download Documented with a skill card describing ownership, dependencies, limitations, and verification status Evaluation is the next layer. It will add standardized quality metri
NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents | NVIDIA Technical Blog… SkillSpector scanning coverage is grounded in recognized AI security governance, including OWASP guidance for LLM , agentic AI risks , and MITRE ATLAS . …
… Organizations should regularly validate that their sandbox implementations provide the isolation and security controls they expect. Learn more about agentic security from the NVIDIA AI Red Team, including: The risks of unsandboxed code . …
… How to mitigate indirect AGENTS.md injection attacks Strategies for mitigating indirect AGENTS.md injection attacks include automated security monitoring, dependency control, protecting configuration files, monitoring changes, and guardrailing. …
… Autonomous agents require tightly enforced security and governance boundaries. …
… Long-running agents like OpenClaw have shown productivity gains but also pose security risks. Today’s agent runtimes resemble the early days of the web. They’re powerful but missing core security primitives: sandboxing, permissions, and isolation. …
… Safety and Security Use NeMo Agent Toolkit safety and security middleware features to Red Team agentic workflows and find points of exploitability and vulnerabilities like prompt injection, jail break, tool poisoning, and other custom attacks. Visualize the results on a dashboard and analyze risks. …
… The threat model of a code agent Using an SLM to generate code that runs on the host introduces obvious security and safety risks, including: Dangerous function access. …
… This includes protecting autonomous agents themselves—and defending the AI factory from increasingly privileged agents operating across inference, training, and emerging agentic AI workflows. The NVIDIA DOCA security stack provides a unified framework for protecting the entire AI factory. …
… Security Jetson Linux delivers a comprehensive suite of security features spanning edge to cloud, including secure boot, disk encryption, runtime integrity, fTPM, and secure OTA updates. …
… Before joining NVIDIA, Manuel worked for Microsoft and Fraunhofer AISEC on cloud computing, private containers, operating systems, and security. He has received a PHD in IT-security from Technical University of Munich. …