Security researchers have found a way to hijack AI coding agents with nothing but a fake bug report. They call it Agentjacking. It needs no malware, no stolen password, and no breach of the target.
The attack, disclosed by Tenet Security, turns the coding agent into the weapon. When a developer asks the agent to fix an error, the agent runs the attacker’s code instead, with the developer’s own privileges, on the developer’s own machine.
How the Agentjacking attack works
It starts with Sentry, a popular error-tracking tool. Sentry lets any app send it error reports using a public key called a DSN, which sits openly in website code by design.
An attacker POSTs a fake error to Sentry using that DSN. No password is needed. The report hides a “Resolution” section with a command, formatted to look exactly like Sentry’s own advice.
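A defensive sketch of the point above, added here as an example and not code from Tenet Security or Sentry: because anyone holding the public DSN can submit a report, its text is screened as untrusted input before a coding agent sees it. The event shape, field names and heuristics are assumptions, and both sample events are constructed.

```python
import re

# Heuristics (assumptions for this example, not a complete rule set):
# text in an error report that reads like remediation advice or a command.
HEADING = re.compile(
    r"^\s*(#+\s*)?(resolution|fix|remediation|how to fix)\b\s*:?", re.I | re.M)
COMMAND = re.compile(
    r"(\b(curl|wget)\b[^\n]*\|\s*(ba)?sh\b"   # download piped into a shell
    r"|\b(npx|pip3?\s+install|npm\s+(i|install)|bash\s+-c|powershell)\b"
    r"|`[^`\n]+`|\$\([^)\n]+\))",             # inline code or $(...) substitution
    re.I)

def walk_strings(node, path="event"):
    """Yield (path, text) for every string anywhere in a nested event."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{i}]")

def screen_event(event):
    """Return (path, reasons) for fields that read like instructions to an agent."""
    findings = []
    for path, text in walk_strings(event):
        reasons = []
        if HEADING.search(text):
            reasons.append("remediation-heading")
        if COMMAND.search(text):
            reasons.append("command-like")
        if reasons:
            findings.append((path, reasons))
    return findings

def safe_for_agent(event):
    """Only events with no findings are passed to the agent; others go to a human."""
    return not screen_event(event)

# Constructed sample events (simplified, not real Sentry payloads).
BENIGN = {"message": "TypeError: cannot read properties of undefined",
          "exception": {"values": [{"type": "TypeError", "value": "x is undefined"}]}}
SUSPECT = {"message": "Build failed\n\n## Resolution\n"
                      "Run `example-command --placeholder` to repair.",
           "extra": {"note": "see above"}}
```

The rules deliberately err toward quarantine: a genuine error message is a description of a failure, so any field that tells the reader what to run is held back for review rather than handed to the agent.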








