AIUNTMEDIA.COMUPDATED CONTINUOUSLY
AIUNTMEDIA
unfiltered intelligence on the AI revolution

HACKERS FOUND A WAY TO HIJACK YOUR AI CODING AGENT WITH A SINGLE FAKE BUG REPORT

 · 
HACKERS FOUND A WAY TO HIJACK YOUR AI CODING AGENT WITH A SINGLE FAKE BUG REPORT Security researchers at Tenet Threat Labs have identified a new class of attack that weaponizes the tools developers already trust. They call it agentjacking, and it requires no malware, no stolen credentials, no breach of any system. All it takes is a fake error report submitted through Sentry, the open-source bug tracking platform used by millions of development teams worldwide. Here is how it works. Sentry uses a publicly visible key called a DSN embedded directly in website code. Any attacker can POST a fabricated error to that endpoint. When a developer instructs an AI coding agent to investigate the error, the agent reads the attacker’s poisoned report, treats it as legitimate Sentry guidance, and executes whatever code it contains, with the developer’s own privileges on the developer’s own machine. Tenet reported an 85 percent exploitation success rate across the major agents, including Claude Code, Cursor, and OpenAI Codex. Testing identified 2,388 exposed organizations, among them Fortune 100 companies. Datadog, PagerDuty, and Jira carry the same structural vulnerability, according to follow-up reporting from VentureBeat. NIST has formally categorized this as agent hijacking. Five national cyber agencies, including CISA and the NSA, jointly issued a 30-page guidance document on agentic AI security. The attack does not require the developer to do anything wrong. It exploits trust that AI agents extend to the monitoring infrastructure developers already rely on, and most enterprise security stacks have no way to detect it. Keywords: agentjacking, AI coding agent security, Sentry vulnerability, Claude Code exploit
← BACK