Fake Error Reports Can Hijack AI Coding Agents
A crafted Sentry error event can hijack AI coding agents like Claude Code, Cursor, and Codex, causing them to execute attacker instructions with full developer privileges. Tenet Security achieved an 85% success rate across 100-plus controlled tests, with no credentials stolen and no security alerts triggered.
The attack exploits public Sentry credentials requiring no breach or authentication, leaving EDR, WAF, IAM, and firewalls blind to the intrusion. Sentry acknowledged the flaw is technically not defensible, and the Cloud Security Alliance classified agentjacking as a systemic MCP vulnerability. Datadog, PagerDuty, and Jira face the same exposure.
