Researchers describe “Agentjacking,” using fake bug reports to hijack AI coding agents

AI-Generated Summary

2 sources

7 hours ago

1 views

Researchers describe “Agentjacking,” using fake bug reports to hijack AI coding agents

Photo: The Next Web

Key Points

Tenet Security describes an attack called “Agentjacking” aimed at AI coding agents.
The attack uses a crafted fake bug or error report to trigger malicious behavior.
Researchers say it does not require malware, stolen passwords, or a direct system breach.
The fake reports are created using Sentry, an open-source error-tracking platform.
The claim is that the hijacked coding agent can run arbitrary code on a developer’s machine.

Cybersecurity researchers at Tenet Security describe an attack they call “Agentjacking,” which they say can hijack AI coding agents so they execute arbitrary code on a developer’s machine. The researchers report that the method does not require malware, stolen credentials, or any direct breach of the target system. Instead, the attack relies on manipulating the inputs that lead a developer’s AI coding agent to take action.

According to the published accounts, Agentjacking can be triggered by submitting a crafted, fake bug or error report. The reports are created using Sentry, an open-source error-tracking and monitoring platform. When a developer routes the issue to their AI coding agent—such as by asking the agent to analyze the report or fix the problem—the agent may be induced to run malicious instructions embedded in the crafted report.

The described technique is presented as a new class of abuse that turns the coding agent itself into an attack mechanism. The reports emphasize that the attack focuses on agent behavior and prompt/issue handling rather than exploiting traditional vulnerabilities in operating systems or applications. The full details and broader implications are discussed as part of the disclosure by Tenet Security.

How Outlets Covered This Story

THE

The Next Web

Agentjacking: a fake bug report can hijack your AI coding agent

Security researchers have found a way to hijack AI coding agents with nothing but a fake bug report. They call it Agentjacking. It needs no malware, no stolen password, and no breach of the target. The attack, disclosed by Tenet Security, turns the coding agent into the weapon. When a developer asks the agent to […] This story continues at The Next Web

16 hours ago

THE

The Hacker News

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack

17 hours ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Researchers describe “Agentjacking,” using fake bug reports to hijack AI coding agents

South Korea’s Lee Jae Myung touts expanded strategic ties with Italy

KPMG AI report questioned after reported mismatch with cited sources

Leaker says Apple’s first touchscreen MacBook is “100% confirmed”