BREAKING
'Agentjacking' Hijacks AI Coding Agents
How The Attack Works
1
Inject fake error via public DSN
↓
2
Agent reads error via Sentry MCP
↓
3
Treats payload as trusted fix steps
↓
4
Runs attacker code as developer
0
exposed orgs
0
%
success rate
0
+
agents reacted
Convenience Versus Trust
The Convenience
●
'Fix the Sentry error' command
●
Auto retrieval and fix steps
●
Claude Code, Cursor, Codex
The Flaw
Risk
●
Public DSN, no auth
●
Tool output assumed trusted
●
Indirect prompt injection
No Phishing, No Malware Needed
Lock Down Agent Permissions
AI NEWS BLITZ
Researchers reveal a new attack that hijacks AI coding agents through fake errors.