⚠️ New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From Hacker's Server Source: cybersecuritynews.com/agentj… New “Agentjacking” attack that hijacks AI coding agents and silently executes attacker-controlled code on developer machines using nothing more than a single injected Sentry error. The technique turns trusted AI assistants like Claude Code and Cursor into an execution layer for malicious commands, without phishing, malware delivery, or any breach of the victim’s infrastructure. In this attack, the entry point is Sentry’s public Data Source Name (DSN). This write-only credential is routinely embedded in frontend JavaScript and indexed across the web. #cybersecuritynews
Agentjacking: Fake Sentry Errors Are Hijacking AI Coding Agents falconinternet.net/blog/agen… #Security #AI
AgentJacking strikes AI agents while AWS and Microsoft patch critical flaws. Vulnerabilities ift.tt/z1cDgUj
"Agentjacking", which hijacks AI coding agents in the course of ordinary development work, has been disclosed. It is a new attack technique in which fake errors are injected using nothing but a publicly exposed Sentry DSN, and when the developer asks the AI to investigate, the agent is made to execute instructions that look like legitimate MCP output. Tenet Security's Threat Labs validated a method that abuses the combination of Sentry's event ingestion mechanism and the Sentry MCP server. Sentry DSNs are considered safe to embed in frontend JavaScript and can be found in source code or via Censys and GitHub searches. After obtaining a DSN, the attacker sends a crafted error event to Sentry. Sentry processes it like a legitimate application error and returns it to the AI agent via MCP. The payload used headings and code blocks to mimic Sentry's output. When the developer asks Claude Code, Cursor, Codex or a similar tool to fix unresolved issues, the agent runs an attacker-specified npx command with the terminal's privileges. According to Tenet, AWS keys, GitHub tokens, Sentry auth tokens, git credentials and similar secrets could be exfiltrated. Tenet confirmed injectable DSNs at 2,388 organizations and says that in testing, AI agents at more than 100 organizations responded to the injected errors. gbhackers.com/agentjacking-a…
1/ 🚨 A nasty one has arrived. Everyone who has AI writing their code, you need to know about this. A new attack called "Agentjacking" has been published. AI coding agents like Claude Code, Cursor and Codex can be hijacked with nothing but a fake bug report. I'll explain step by step 🧵 #AI活用 #セキュリティ
1/ 🚨 This one's bad. If you let AI write your code, read this. A new attack called "Agentjacking" can hijack AI coding agents like Claude Code, Cursor, and Codex — using nothing but a fake bug report. You're just debugging like normal. That's the whole trap. 🧵 #AI #ClaudeCode
⚠️ 1/ Tenet Security has described a new attack class called Agentjacking, where a single fake Sentry error report can hijack AI coding agents like Claude Code, Cursor and Codex into running attacker controlled code on a developer's machine.
With Agentjacking making AI agents execute code on their own, humanity's automation dream turns into a nightmare in an instant 🖤 I immediately added a defense layer to my own loop as well.
We are halfway thru June. Your wallet was fine so far this month. But if you have an AI agent running it, you better be cautious. The protocol drains went quiet. The risk moved one layer down, into the AI agents and the dev stack more and more protocols run on.

The DeFi receipts: ~33M total

Jun 9: Humanity Protocol, ~$32M. A foundation member's private keys were phished through a fake exchange email with a malware attachment. The attacker drained ~17 wallets, took bridge controls, minted unauthorized H on BNB Chain, and dumped it over ~8 hours. H crashed ~85%. ZachXBT called it 'possibly staged,' while the team's commissioned report (Quantstamp) mentions signs of North Korean hackers. No consensus yet, so treat the cause as disputed.

Jun 10: Raydium, $1.34M. Five dormant AMM V3 pools left over from 2021. A fake token mint slipped past LP validation. No active pools, no current users, no modern contracts touched. Full refund pledged from treasury.

The AI Layer: 3 stories

Jun 4: BadHost. A single stray character in a web request lets an attacker skip the login screen entirely on software that quietly runs a huge share of today's AI tools. The same tools people are now wiring to their wallets. A fix is out. If you run agents, update them.

Jun 3: Agentjacking. A booby-trapped bug report can trick popular AI coding assistants into running an attacker's commands as if you typed them yourself. Your antivirus and firewall miss it, because on paper every step looks allowed. The company involved admitted it cannot fully fix the problem.

Jun 12: Google sued a China-based scam ring for using its Gemini AI to mass-produce fake websites and scam texts. Over 1.5M fake links and 2.5M texts in a single two-week stretch. First time a big AI company has taken people to court for weaponizing its own model.

What to pay attention to: The dollar losses still came from DeFi. But the scarier stories, the ones showing where this is heading, were all in the agent layer. None of them needed a smart contract. Two of June's three biggest security threats never went near a smart contract. So far this month, ain't much happening (knock on wood), but just keeping you posted on what happened. Stay Safu.
April: Lazarus stole $577M in crypto. May: They took $0. But the hacking didn't stop. It moved upstream. What does upstream mean? And why should you care? Watch this video. 🫡👇till the end!!
🛡️ Dragon-Lady push-guard has been updated to v0.2.4.

pip install push-guard

What's been added for detection:
- Hades/Miasma LLM anti-analysis bait in executable code diffs.
- Agentjacking-style Sentry MCP wiring.
- Fake Sentry resolution text that tries to make coding agents run npx.
- Known compromised npm package ecto-flag-read in dependency metadata.

pypi.org/project/push-guard/
🛡️ Dragon-Lady prompt-injection-blocker has upgraded to v0.1.1 on PyPI

pip install prompt-injection-blocker # or pip install prompt-injection-blocker

What protection areas have been added:
- Agentjacking-style Sentry/error-event "resolution" text that tries to steer an agent into npx execution.
- Untrusted observability/tool-output prompt injection before it gets pasted into an agent.

pypi.org/project/prompt-inje…