Agentjacking: Sentry events force AI assistants to execute malicious code

Colleagues, note: a new attack class—Agentjacking—has been described.
Tenet Security demonstrated that an attacker can send a forged Sentry event via a public DSN containing embedded Markdown instructions. AI assistants, querying data via MCP, accept this as a trusted 'Resolution' and execute code with developer privileges.
Key points:
• No infrastructure compromise required — a public DSN is sufficient.
• Tenet identified 2,388 vulnerable organizations; tests showed an 85% success rate.
Why it matters: AI assistants become an attack vector and can expose secrets.
Mitigation: restrict assistant privileges, validate responses from external services, and filter incoming events.
How will you protect developers against such attacks?
#cybersecurity #AI #DevSecOps #Sentry


Latest comments
No comments yet.