Agentjacking: Sentry DSN Injection Hijacks AI Dev Agents

Security researchers have uncovered a new type of attack called "agentjacking." This attack uses public Sentry Data Source Names, or DSNs, to inject malicious instructions into AI coding agents. What happens is an attacker posts a crafted error event with a harmful "Resolution" instruction. This causes the AI agent to execute commands supplied by the attacker on a developer's machine. Researchers achieved an 85% success rate in tests against AI tools like Claude Code, Cursor, and Codex. They also found over 2,300 organizations with publicly exposed DSNs. The attack exploits how agents treat telemetry entries as authoritative guidance. This allows a string in a log to become a local command. Because agents operate under the developer's credentials, traditional security measures like EDR, WAF, and IAM may not detect the anomaly. Researchers are open-sourcing mitigations to help address this vulnerability. This matters because it highlights a new way AI tools can be exploited to compromise developer systems.