Infosecurity-Magazine
New Agentjacking Exploit Threatens AI Coding Agents via Fake Bug Reports
Tenet Security has disclosed a new supply-chain attack named 'Agentjacking,' which exploits AI coding agents by injecting malicious commands through fake error reports sent to Sentry, a popular error-tracking tool. The attack leverages Sentry's public Data Source Name (DSN) to post crafted error events whose embedded commands the coding agents execute with the developer's privileges. Researchers tested over 100 targets, achieving an 85% success rate against major AI coding tools like Claude Code, Cursor, and Codex. At least 2,388 organizations are exposed, including large enterprises and solo developers. The attack circumvents existing security measures, as it does not require phishing or prior system compromise, and the malicious payload is indistinguishable from legitimate data. Tenet Security warns that the attack could lead to severe data exfiltration, including access to environment variables and CI/CD pipeline credentials. Sentry acknowledged the issue but has not implemented a comprehensive fix, raising concerns about the broader implications for AI agent security.
Key Points:
• Agentjacking exploits AI coding agents by injecting malicious commands via Sentry.
• The attack has an 85% success rate across major coding tools, affecting 2,388 organizations.
• Existing security measures fail to detect this attack due to its use of legitimate data channels.