VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Agentjacking: Sentry events force AI assistants to execute malicious code

Agentjacking: Sentry‑события заставляют AI‑ассистентов выполнять вредоносный код

Colleagues, note: a new attack class—Agentjacking—has been described.

Tenet Security demonstrated that an attacker can send a forged Sentry event via a public DSN containing embedded Markdown instructions. AI assistants, querying data via MCP, accept this as a trusted 'Resolution' and execute code with developer privileges.

Key points:
• No infrastructure compromise required — a public DSN is sufficient.
• Tenet identified 2,388 vulnerable organizations; tests showed an 85% success rate.

Why it matters: AI assistants become an attack vector and can expose secrets.

Mitigation: restrict assistant privileges, validate responses from external services, and filter incoming events.

How will you protect developers against such attacks?

#cybersecurity #AI #DevSecOps #Sentry

Latest comments

No comments yet.