◈ AI Security Intelligence ← All terms
Attack  ·  Glossary

Agentjacking

Definition
An attack that hijacks an AI agent's behavior or decision-making by injecting malicious instructions into data streams the agent consumes. For example, a fake error report sent to an AI coding agent could trick it into running attacker-supplied code, or a malicious Sentry notification could override the agent's intended workflow.
Why it matters
Agentjacking exploits the implicit trust agents place in data sources they consume. Unlike prompt injection (which attacks the LLM directly), agentjacking corrupts the agent's operational context, causing it to misbehave while believing it is following legitimate error signals or instructions.
Demonstrated by recent findings
Agentjacking: Sentry MCP Integration Weaponised to Execute Arbitrary Code on Developer Machines via Injected Error EventsLinx Security: GA of Agentic Access Control — Inline MCP Gateway with Tool-Level Policy EnforcementCursor Editor Executes Malicious Claude Hook Commands from Workspace .claude/settings.local.json Without User ApprovalAgentjacking: Fake Sentry Error Reports Hijack AI Coding Agents Into Running Attacker-Controlled CodeOpenClaw Discord allowFrom Policy Bypass via Mutable Display Name (CVE-2026-53849)OpenClaw MCP Server Leaks Operator Custom Headers to Attacker-Controlled Redirects (CVE-2026-53840)
Findings on this topic (2)
Agentjacking: AI Coding Agents Hijacked via Sentry MCP Prompt InjectionOWASP Agentic Skills Top 10 (AST10) — First Security Framework for AI Agent Skills Published
References
MITRE ATLAS — Adversarial Threat Landscape for AI SystemsOWASP LLM Top 10
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →