Agentjacking attack tricks AI coding agents into running malicious code

The Hacker News

Tenet Security researchers describe a new class of attack, Agentjacking, that tricks AI coding agents into executing arbitrary code via fake error reports. A benchmark study also confirms AI coding agents remain vulnerable to prompt injection attacks.

Prompt engineering

See 9 more sources

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets2 days ago

Frontier AI Models Can Find Crypto's Biggest Bugs. Experts Warn the Industry Isn't Ready5 days agoJason Nelson

Will AI Kill the Bug Bounty Industry?4 days agoKevin Townsend

AI Is Helping Discover Tech Vulnerabilities—And Zcash Is Just the Latest Example5 days agoJason Nelson

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft5 days agoJason Nelson

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn1 day agoJason Nelson

An active attack is planting backdoors inside Claude Code right now. If you use npm, your credentials may already be compromised.5 days agojohnypitaDiscuss

Control for agentic payments should start at infrastructure4 days agoSignificant-Plant-4Discuss

The Claude Code active attack didn't stop. 294,842 secrets stolen from 6,943 machines. It evolved and now spreads through Python too and uses Claude Code itself to steal your secrets. The risk to your credentials just got bigger.3 days agojohnypitaDiscuss

The Hacker News

1 day ago