Agentjacking attack hits 2,388 organizations via Sentry vulnerability

What happened

On June 21 Tenet Security disclosed Agentjacking — attackers embed commands inside a Sentry error report, and an AI coding agent treats them as a legitimate diagnostic step while debugging.

Context and impact

It's the first well-documented supply-chain attack aimed at agents rather than human developers. Sentry is deeply embedded in most enterprise stacks, and AI agents consume its output without a critical filter. Security teams should now treat contextual input from monitoring tools as untrusted.

Details

• 85% exploitation rate against Claude Code, Cursor and Codex
• 2,388 affected organizations
• 100+ confirmed successful agent executions
• Victims include at least one Fortune 500
• Mitigation: filter Sentry payloads before agents see them; treat all monitoring input as untrusted