A newly identified attack technique called ‘Agentjacking’ manipulates AI coding agents — such as those integrated into developer IDEs — into executing malicious code on developer machines. The attack is triggered by injecting a crafted fake error report via Sentry, a widely used error-tracking platform, which the AI agent then acts upon without sufficient validation. This is significant because AI coding agents operate with broad system permissions and are increasingly prevalent in software development workflows.

Security Architect’s Take: Enforce least-privilege execution environments for AI coding agents and treat their runtime as an untrusted surface — sandbox agent execution, audit the tools and integrations agents are permitted to invoke, and implement controls to validate the provenance of external data sources such as error-tracking platforms before agents act on them.

Original advisory: Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code