Backslash Security has revealed new cross-product support for agentic AI Skills within its platform, enabling organizations to discover, assess, and apply security guardrails to Skills used across AI-native software development environments.
The developer ecosystem of AI-powered coding agents and tools is rapidly expanding with new extensibility layers, including Skills, Model Context Protocol (MCP) servers, prompt rules, hooks, and plug-in architectures. As these capabilities enhance and automate developer productivity, they also introduce significant new security blind spots.
Skills extend the capabilities of AI agents through externally defined instructions, for example, allowing a coding agent to read and modify files, access secrets from environment variables, or install packages from external registries. Because Skills are often community-authored with broad permissions, they can introduce risks ranging from data exfiltration to unauthorized code execution, making it difficult for security teams to understand or control how AI systems interact with code, data, and developer infrastructure.
To address these risks, the Backslash platform now provides centralized visibility and security controls for Skills across AI coding environments. The new capability enables organizations to continuously discover Skills used in developer workflows, evaluate their risk posture, and define guardrails governing their use.
Key features include:
- Centralized discovery of Skills used by AI agents and AI-native IDEs
- Skill vetting and risk assessment for excessive permissions and unsafe behaviors
- Guardrail policies defining approved Skill usage and configuration
- Cross-platform visibility across heterogeneous AI coding environments
With centralized oversight of Skills and other AI coding components, security teams can ensure that organizations continue to benefit from the productivity gains of AI-driven development while maintaining strong governance and risk management.
“AI coding environments are evolving at an extraordinary pace, and Skills are quickly becoming a powerful way to extend the capabilities of coding agents,” said Yossi Pik, CTO of Backslash Security.
“But with that flexibility comes risk. Skills can combine with MCPs, rules, hooks, and plug-ins in ways that make it extremely difficult for organizations to understand what their AI systems are actually doing. Our platform enables security teams to see exactly what’s running within their AI dev environments – from Skills and MCP servers to plug-ins and prompt rules. Then it empowers them to create guardrails that enable them to stop attempts that violate policy and put the organization at risk,” Pik continued.
The new capability extends the Backslash platform, which already provides discovery and governance for AI coding agents, IDEs, MCP servers, and LLMs. Adding Skills coverage closes a critical new gap, giving security teams a complete view of the stack from the model layer to the extensibility layer.
