Backslash adds cross-tool governance for AI coding Skills
Backslash Security has added cross-product support to secure "Skills" – reusable workflows that extend AI coding tools such as Cursor, Claude Code and GitHub Copilot.
Skills have become a common way for developers to customise agentic coding assistants. They can trigger commands, interact with external tools and access repositories. That reach can create a governance gap for security teams trying to understand what automation runs inside developer environments and what it can access.
Backslash's platform now discovers Skills used across AI-native development environments and applies controls to govern their use. The update targets the rapidly expanding ecosystem of extensibility options around AI coding agents.
Why Skills matter
Skills are externally defined instructions that an AI agent can execute as part of a workflow. Examples include reading and modifying files, accessing secrets stored in environment variables and installing packages from external registries. Developers often pull Skills from community sources, where they may request broad permissions, raising questions about trust and oversight.
Risks include unauthorised code execution and data exfiltration. Teams also face supply chain concerns when Skills install dependencies from third-party registries. The core challenge for security and platform teams is visibility: Skills can run across different tools and developer workstations, making it difficult to build an inventory or apply consistent rules.
Backslash also frames Skills as part of a wider set of extension points used in "vibe coding" environments, including Model Context Protocol servers, prompt rules, hooks and plug-in architectures. Organisations often adopt these components in parallel, which can increase complexity when auditing agent behaviour and integrations.
Controls and oversight
The new capability provides centralised discovery of Skills used by AI agents and AI-native IDEs. It adds a vetting process and risk assessment focused on "excessive permissions and unsafe behaviors", and lets customers define guardrail policies that specify which Skills are approved and how they must be configured.
Backslash also highlights cross-platform visibility across heterogeneous development environments. Many engineering organisations support multiple AI coding tools at once, use different IDEs, integrate different models and allow developers to run local agents on their own machines. That mix complicates enforcement when policy depends on controls built into a single vendor's toolset.
Another element is ongoing monitoring. The platform detects suspicious behaviour and configuration drift, such as when an approved Skill changes version, gains new permissions or starts calling different external services. Drift can also occur when developers modify Skills locally outside standard review processes.
Market context
The update expands Backslash's focus on securing AI coding environments as more organisations allow AI agents to interact directly with code, repositories and deployment tooling. Security teams are mapping how agentic systems fetch context, store credentials and call external tools. Skills add another layer by bundling multiple actions into a single workflow.
Backslash says its platform already covers discovery and governance for AI coding agents, IDEs, MCP servers and LLM integrations. It describes Skills support as closing a gap between the model layer and the extensibility layer in AI development stacks, and is offering the feature as part of its existing platform.
Toolmakers have encouraged developers to adopt reusable automation, accelerating the spread of Skills-like constructs across products. At the same time, organisations have tightened rules around access to source code, build pipelines and secrets management. The tension between developer speed and control has become more pronounced as agentic systems take on tasks that previously required explicit human review.
Backslash is based in Tel Aviv. It sells security tooling for AI developer environments, including IDEs and coding agents such as Cursor, Claude Code, Gemini Code Assist and GitHub Copilot.
Yossi Pik, co-founder and CTO of Backslash Security, said Skills can interact with other extension mechanisms in ways that make oversight difficult.
"AI coding environments are evolving at an extraordinary pace, and Skills are quickly becoming a powerful way to extend the capabilities of coding agents. But with that flexibility comes risk. Skills can combine with MCPs, rules, hooks, and plug-ins in ways that make it extremely difficult for organizations to understand what their AI systems are actually doing. Our platform enables security teams to see exactly what's running within their AI dev environments - from Skills and MCP servers to plug-ins and prompt rules. Then it empowers them to create guardrails that enable them to stop attempts that violate policy and put the organization at risk."
The Skills security capability is available now on the Backslash platform.