BREAKING
'Agentjacking' Hijacks AI Coding Agents
How The Attack Works
1Inject fake error via public DSN
2Agent reads error via Sentry MCP
3Treats payload as trusted fix steps
4Runs attacker code as developer
0
exposed orgs
0%
success rate
0+
agents reacted
Convenience Versus Trust
The Convenience
'Fix the Sentry error' command
Auto retrieval and fix steps
Claude Code, Cursor, Codex
The FlawRisk
Public DSN, no auth
Tool output assumed trusted
Indirect prompt injection
No Phishing, No Malware Needed
Lock Down Agent Permissions
AI NEWS BLITZ
Researchers reveal a new attack that hijacks AI coding agents through fake errors.