June 22, 2026 · The Hacker News
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
My take: This one hits home for me because I build apps with coding agents every single day. Tenet Security discovered an attack they named "agentjacking": with a single HTTP request, using a public credential anyone can find in a website's JavaScript, someone can slip malicious instructions into your AI coding agent, including Claude Code, Cursor, and Codex. The success rate was 85% across more than 2,300 tested organizations, no small thing. Sentry, the error-tracking platform involved, said the problem is "technically not defensible" at the platform level and did not ship a real fix. For the record, this is not a flaw of AI itself: it is a permissions oversight, and it can be fixed. If you use agents connected to Sentry, this is the moment to review who can write to your project and what permissions you gave your agent.
Want to use these tools? See the unbiased reviews or back to the news.