WayToClawEarn
高影响tenet-security

Can a Fake Bug Report Hack Your AI Coding Agent? The Agentjacking Attack Explained

Security firm Tenet Security disclosed 'Agentjacking' in June 2026 — a new attack vector where fake Sentry error reports trick AI coding agents like Claude Code and Cursor into executing attacker-controlled code. The attack bypasses all traditional security defenses because every step in the chain appears legitimate. Sentry declared the issue 'technically not defensible,' pushing responsibility to model vendors. Until model-level safeguards arrive, developers should sandbox their AI coding agents and audit external tool permissions.

2026年6月16日 · 阅读约 1 分钟

TL;DR

What Is Agentjacking?

Agentjacking AI coding agent

Why It Works

Sentry

Tenet Security 2026 6 3 Sentry Sentry

"technically not defensible"

Tenet Security AI coding agent

  • Claude Code
  • Cursor
  • MCP (Model Context Protocol) AI coding agent —

Tenet Security Agentjacking **AI **——AI agent

1. Agent

terminal

docker run --rm -v $(pwd):/workspace:ro my-agent-sandbox

2. Agent

  • Sentry/Jira/GitHub Issues token

  • AnthropicClaude CodeOpenAICodexCursor

claudecursorcodingagentsecurity
免责声明:本站案例均为知识分享内容,仅供灵感与参考,不构成收益承诺;由此进行的外部执行与结果请自行判断并承担相应责任。