One Fake Bug Report Hijacked a $250B Company's AI Agent
Security researchers demonstrated a new attack class called Agentjacking that hijacks AI coding agents through fake Sentry error reports — no credentials stolen, no servers breached, no malware deployed. A single POST request with embedded markdown turned a Fortune 100 company's AI coding agent into an exfiltration tool. Tenet Security found 2,388 organizations exposed and achieved an 85% success rate across Claude Code, Cursor, and Codex. The NSA had already warned about this exact vulnerability class. Enterprise attack surface assessment and security hardening checklist inside.
June 28, 2026