logo

Fake Bug Report Hijacks AI Coding Agents at Scale

ID: 1c7af5e0-278d-5cf8-bbcc-5237c62ffc08

STIX ID: report--1c7af5e0-278d-5cf8-bbcc-5237c62ffc08

Feed Name: Dark Reading

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: Jai Vijayan

...
...

Tenet Security demonstrated an "agentjacking" attack in which attackers submit poisoned error reports to publicly exposed Sentry DSNs; AI coding assistants (e.g., Claude Code, Cursor, Codex) can retrieve those poisoned events and treat embedded instructions as actionable, leading to execution of attacker-controlled code on developer machines and potential theft of cloud credentials, GitHub tokens, SSH keys, and CI/CD secrets. The issue stems from AI agents' inability to distinguish read data from instructions; mitigations recommended include disabling package-install scripts, requiring human approval for shell commands, least-privilege execution, and runtime intent monitoring.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.