Security Breach: How Claude Code’s Attack Impacted Datadog, PagerDuty, and Jira
Agentjacking: A New Threat to AI Coding Agents
A recent security disclosure by Tenet Security has uncovered a serious vulnerability in AI coding agents that poses a significant risk to organizations. This vulnerability, known as agentjacking, allows attackers to inject malicious code into error data processed by AI agents, leading to potentially devastating consequences.
Tenet Security’s report details how a fake error report was able to hijack Claude Code, a popular AI coding agent, during controlled testing. The attacker’s code was executed with full developer privileges, bypassing traditional security measures such as EDR, WAF, IAM, and firewalls.
The attack involved sending a crafted Sentry error event using a public credential, which required no authentication or breach. The event contained instructions that AI coding agents, such as Claude Code, Cursor, and Codex, treated as trusted diagnostic output and executed.
According to the report, Tenet Security tested over 100 targets in controlled conditions and achieved an 85% success rate with this attack. Sentry, the platform used in the attack, acknowledged the flaw as “technically not defensible.”
Following the disclosure, the Cloud Security Alliance classified agentjacking as a systemic MCP vulnerability. This classification highlighted the fact that no credentials were stolen, no policies were violated, and no perimeter was breached during the attack.
One alarming discovery from the report was the identification of 2,388 organizations with publicly exposed Sentry credentials that could potentially be exploited using similar techniques. While the research was proof-of-concept, it raised concerns about the security of AI coding agents connected to external data sources.
The Blind Spot in AI Coding Agent Security
The main reason agentjacking poses a serious threat is that every step of the attack is authorized. The attacker makes valid Sentry API calls using public credentials, and the instructions they carry are then executed by AI agents with the developer’s privileges. As a result, traditional security measures fail to detect such attacks, leaving a blind spot in the security of AI coding agents.
Security Operations Center (SOC) teams are often unable to distinguish between legitimate developer actions and malicious instructions sent to AI agents. This distinction becomes crucial in the context of agentjacking attacks, where AI agents unknowingly execute harmful code with full privileges.
Furthermore, the report highlighted the fact that many organizations trust their AI agents more than their security controls justify. Surveys conducted in the first half of 2026 revealed that a significant number of enterprises do not apply the same level of security controls to AI agents as they do to human employees.
Addressing the Governance Gap
Securing AI coding agents requires a shift in mindset and governance practices within organizations. Security experts emphasize the need to treat every AI agent as a privileged insider and apply consistent security controls to mitigate the risks posed by agentjacking.
Continuous monitoring and enforcement of security policies are essential to detect and prevent unauthorized actions by AI agents. Implementing agent-specific runtime detection and authorization mechanisms can help organizations close the security gap exploited by agentjacking attacks.
It is crucial for organizations to conduct thorough audits of publicly exposed credentials and restrict the capabilities of AI coding agents to prevent unauthorized access to sensitive data. By prioritizing security measures and governance practices, organizations can better protect their AI coding agents from potential threats.
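One way to picture the runtime authorization and capability restriction described above, as an added example that is not taken from the Tenet Security report or from any agent vendor: once external error data has entered the agent's context, high-risk tool calls need human approval, and every decision is logged with its provenance so a SOC can tell agent actions from developer actions. The tool names and the `AgentSession` class are hypothetical.

```python
"""Taint-based authorization gate for an AI coding agent (illustrative sketch)."""
from dataclasses import dataclass, field

# Hypothetical tool names: map them to what your agent runtime actually exposes.
UNTRUSTED_SOURCES = {"sentry.get_issue", "sentry.search_events"}  # externally writable data
HIGH_RISK_TOOLS = {"shell.exec", "fs.write", "http.request"}      # act with developer privileges


@dataclass
class AgentSession:
    developer: str
    tainted_by: list = field(default_factory=list)  # untrusted tools read so far
    audit_log: list = field(default_factory=list)   # provenance records for the SOC

    def record_tool_result(self, tool: str) -> None:
        """Call whenever a tool result is added to the agent's context."""
        if tool in UNTRUSTED_SOURCES and tool not in self.tainted_by:
            self.tainted_by.append(tool)

    def authorize(self, tool: str, args: str, human_approved: bool = False) -> str:
        """Return 'allow' or 'needs_approval' for a tool call the agent proposes."""
        risky = tool in HIGH_RISK_TOOLS
        if risky and self.tainted_by and not human_approved:
            decision = "needs_approval"
        else:
            decision = "allow"
        self.audit_log.append({
            "developer": self.developer,
            "actor": "agent",                     # never logged as the human
            "tool": tool,
            "args": args,
            "tainted_by": list(self.tainted_by),  # which external data preceded it
            "human_approved": human_approved,
            "decision": decision,
        })
        return decision


def demo() -> list:
    """Constructed session: the agent triages an error, then proposes commands."""
    s = AgentSession(developer="dev@example.com")
    decisions = [s.authorize("shell.exec", "pytest -q")]    # no external data yet
    s.record_tool_result("sentry.get_issue")                # error event enters context
    decisions.append(s.authorize("fs.read", "src/app.py"))  # low risk, still allowed
    decisions.append(s.authorize("shell.exec", "<command proposed after reading the event>"))
    decisions.append(s.authorize("shell.exec", "pytest -q", human_approved=True))
    return decisions


if __name__ == "__main__":
    print(demo())
```

The gate does not try to recognize malicious text in the error event; it only tracks that untrusted data is in context and narrows what the agent may do unattended from that point on.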
Conclusion
Agentjacking represents a significant challenge to the security of AI coding agents and highlights the need for organizations to reevaluate their security practices. By implementing robust security measures, conducting regular audits, and prioritizing governance, organizations can mitigate the risks posed by agentjacking attacks and safeguard their AI coding agents against malicious activities.
As the threat landscape continues to evolve, staying vigilant and proactive in addressing security vulnerabilities is essential to protect sensitive data and maintain the integrity of AI coding agents.

