In a nutshell: AI coding agents can be manipulated through fake error messages in Sentry instances to execute malicious code.
Security researchers from Tenet Security have documented a new attack class in which AI coding agents are tricked by manipulated error reports to execute arbitrary code on developer machines. This attack, termed agentjacking, exploits the widely-used error tracking tool Sentry as an attack vector.
Tenet Security has defined a new attack class called agentjacking: it enables attackers to trick AI-powered code agents such as Claude Code into executing arbitrary code on developer machines. The attack vector leverages the widely-used error tracking and performance monitoring tool Sentry by injecting fake error reports.
The risk potential stems from the fact that modern AI agents frequently access external systems like Sentry for error analysis and automatically process error messages. An attacker can construct a manipulated error report in such a way that it tricks the agent into executing malicious commands as a purported bug fix. This works especially when the AI agent operates with local write permissions on the developer system.
For CTOs and security officers, this attack method presents a new risk scenario: the integration of AI coding agents into development processes implicitly introduces an expanded attack surface. Particularly critical is the combination of automated code execution, access to external data sources, and the trust placed in AI systems. Secure implementation requires access controls, least privilege principles for agent permissions, and validation of input from data sources.
Source: thehackernews.com · Published 12 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.