logo

Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents

ID: 49a9831b-0627-5cff-b381-65995f00b01a

STIX ID: report--49a9831b-0627-5cff-b381-65995f00b01a

Feed Name: HackRead

Threat Score
72/100

Date Published: 2026-06-18

Date Updated: 2026-06-18

Author: Deeba Ahmed

...
...

Tenet Threat Labs demonstrated “Agentjacking,” an instruction-injection technique that abuses public Sentry DSNs and Markdown in error reports to trick AI coding agents (e.g., Claude Code, Cursor, OpenAI Codex) into running attacker-supplied commands on developer machines, potentially enabling remote code execution and exposure of secrets; researchers identified 2,388 exposed DSNs and observed AI agents at 100+ organizations execute their validation code, Sentry added a content filter for the PoC text and Tenet released Agent-JackStop as a mitigation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.