"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.

June 30, 2026

Researchers are offering fresh proof that AI coding agents have become a viable attack surface for threat actors seeking to steal credentials, manipulate data, and compromise development environments.

The research by Tenet Security demonstrated how an attacker could hijack AI coding agents into running arbitrary code on a developer's machine by planting a single fake-error report in a public bug tracking service. In controlled testing of its "agentjacking" technique, the company found widely used AI coding assistants such as Claude Code, Cursor, and Codex retrieved the poisoned error data and, in many cases, executed attacker-controlled code on the developer's machine.

In a real attack, the consequences could have included theft of cloud credentials, AWS keys, GitHub tokens, SSH keys, and CI/CD pipeline secrets. The credentials could potentially have enabled an adversary to access private source code repositories, compromise cloud infrastructure, or poison software dependencies across the organization.