Security researchers disclose agentjacking attack hijacking Claude Code and Cursor via fake error messages

According to Tenet Security researchers disclosed by The Next Web, agentjacking attacks exploit Claude Code and Cursor by injecting crafted error messages through Sentry's public error-tracking endpoint. The attack requires no malware or stolen credentials; an attacker posts a fake error report containing a hidden command formatted as legitimate Sentry advice, and the AI coding agent executes the command with the developer's own privileges when asked to resolve unresolved issues. The vulnerability exists because coding agents read Sentry through the Model Context Protocol and cannot distinguish real crashes from planted ones.