A public Sentry key is all it takes to hijack Claude Code, Cursor, and Codex
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Critical security flaw in Claude Code/Cursor/Codex, extremely relevant and actionable.
Tenet Security's Threat Labs documented 'agentjacking,' an attack exploiting Sentry's public DSN credentials and the Model Context Protocol (MCP) to hijack AI coding agents like Claude Code, Cursor, and Codex. An attacker injects a crafted error event containing markdown with an npx command into Sentry's ingest endpoint using only the publicly exposed DSN. When a developer asks the agent to fix Sentry issues, the agent reads the fake resolution as trusted guidance and executes the command on the developer's machine, bypassing traditional malware or credential theft.