Your AI coding agent can read files, run shell commands, and call external APIs. That's also the exact description of an arbitrary code execution primitive — and attackers have figured that out.

A recent report from The Hacker News details "Agentjacking," a class of attack that hijacks AI-powered coding agents by manipulating their tool-execution pipeline. The agent isn't compromised at the model level — it's compromised through the tools it trusts. The agent reads something malicious, reasons its way into executing it, and your environment is owned before a human ever sees a diff.

This is the agentic security problem in its clearest form: the attack surface isn't the LLM, it's the autonomy.

How Agentjacking Actually Works

Modern coding agents — the kind that can scaffold a project, run tests, and push a PR — operate through a tool-use loop. They receive instructions, call tools (read a file, execute a command, query an API), observe the results, and decide what to do next. That observation-action loop is exactly what makes them useful.
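To make that loop concrete, here is a stripped-down version of it in Python. This is an added example, not code from the article or from any agent product; the tool names, the command allow-list, and the scripted stand-in for the model are all assumptions made for illustration. The point it shows is that the tool dispatcher, not the model, is the place where a defender can enforce policy: every call passes a gate (workspace confinement for file access, an allow-list for commands, no shell, human approval for side-effecting tools, a step budget, and an audit log), and every tool result re-enters the transcript tagged as data rather than as instructions.

```python
import subprocess
import tempfile
from pathlib import Path
from typing import Any, Callable

# Added example (not from the article): a minimal coding-agent tool loop in
# which every tool call passes through a policy gate before it executes.
# The "model" is a scripted stand-in that replays decisions; no LLM is used.


class PolicyViolation(Exception):
    """Raised when the gate refuses a tool call."""


# Program names the agent may execute; everything else is refused.
# Assumed allow-list, chosen for illustration only.
COMMAND_ALLOWLIST = {"ls", "pytest"}


def confine(workspace: Path, relative: str) -> Path:
    """Resolve a path and refuse anything that escapes the workspace."""
    root = workspace.resolve()
    target = (root / relative).resolve()
    if target != root and root not in target.parents:
        raise PolicyViolation(f"path escapes workspace: {relative}")
    return target


def tool_read_file(workspace: Path, path: str) -> str:
    return confine(workspace, path).read_text()


def tool_write_file(workspace: Path, path: str, content: str) -> str:
    target = confine(workspace, path)
    target.write_text(content)
    return f"wrote {len(content)} bytes to {target.name}"


def tool_run_command(workspace: Path, argv: list[str]) -> str:
    if not argv or argv[0] not in COMMAND_ALLOWLIST:
        raise PolicyViolation(f"command not allow-listed: {argv!r}")
    # No shell: argv is passed verbatim, so text copied from a tool result
    # cannot smuggle in shell syntax.
    proc = subprocess.run(argv, cwd=workspace, capture_output=True,
                          text=True, timeout=30)
    return proc.stdout + proc.stderr


TOOLS: dict[str, Callable[..., str]] = {
    "read_file": tool_read_file,
    "write_file": tool_write_file,
    "run_command": tool_run_command,
}
# Side-effecting tools additionally require an explicit human approval.
NEEDS_APPROVAL = {"write_file", "run_command"}


def run_agent(model, workspace: Path, approve, max_steps: int = 10):
    """Observation-action loop with a policy gate in front of each tool.

    model(transcript) -> {"tool": name, "args": {...}} or {"final": text}
    approve(name, args) -> bool, the human-in-the-loop check
    Returns (final_text, audit_log). Tool output re-enters the transcript
    with role "tool": it is an observation, never an instruction.
    """
    transcript: list[dict[str, Any]] = []
    audit: list[dict[str, Any]] = []
    for _ in range(max_steps):
        decision = model(transcript)
        if "final" in decision:
            return decision["final"], audit
        name, args = decision["tool"], decision.get("args", {})
        try:
            if name not in TOOLS:
                raise PolicyViolation(f"unknown tool: {name}")
            if name in NEEDS_APPROVAL and not approve(name, args):
                raise PolicyViolation(f"human declined {name}")
            result, ok = TOOLS[name](workspace, **args), True
        except (PolicyViolation, OSError, TypeError) as exc:
            result, ok = str(exc), False
        audit.append({"tool": name, "args": args, "ok": ok})
        transcript.append({"role": "tool", "name": name, "ok": ok,
                           "content": result})
    return "step budget exhausted", audit


def scripted_model(steps: list[dict[str, Any]]):
    """Stand-in for an LLM: replays a fixed list of decisions."""
    pending = list(steps)

    def model(transcript):
        return pending.pop(0) if pending else {"final": "done"}
    return model


def demo() -> tuple[str, list[dict[str, Any]]]:
    """Constructed scenario: one legitimate read, then two calls the gate refuses."""
    ws = Path(tempfile.mkdtemp())
    (ws / "README.md").write_text("hello")
    model = scripted_model([
        {"tool": "read_file", "args": {"path": "README.md"}},
        {"tool": "read_file", "args": {"path": "../../etc/hostname"}},
        {"tool": "run_command", "args": {"argv": ["curl", "https://example.invalid/"]}},
        {"final": "finished"},
    ])
    # approve() says yes to everything here so the allow-list check is what fires.
    return run_agent(model, ws, approve=lambda name, args: True)
```

The gate needs no insight into why the model chose a call; it judges the call itself. That is what makes it a useful control against the class of attack described above: whatever a poisoned file or API response talks the model into, the dispatcher still refuses paths outside the workspace and programs outside the allow-list, and the audit log records the attempt.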