← ALL UPDATES
CLAUDE NEW June 14, 2026

'Agentjacking' Attack Hijacks Claude Code, Cursor, Codex via Fake Sentry Errors

WHAT CHANGED

Security researchers disclosed 'Agentjacking' — a class of attacks that hijack AI coding agents (Claude Code, Cursor, Codex) by injecting malicious content into fake Sentry error messages. 85% exploitation rate in testing. 2,388 organizations exposed. The attack chains through routine error-handling workflows that developers blindly hand to agents.

WHY IT MATTERS

If you use Claude Code or Cursor with any error-monitoring integration, you're potentially exposed. The attack is novel because it doesn't require compromising your environment — just one poisoned error from any tracked service. Anthropic, Cursor, and OpenAI all issued advisories June 14-15. Patch level: requires user behavior change, not just software updates.

HOW TO USE IT

Mitigation: (1) Never paste full Sentry traces into Claude Code without reviewing them first. (2) Add an allowlist of trusted error sources in your agent configuration. (3) Use /less-permission-prompts to require explicit approval for file write/curl operations triggered by error analysis. (4) Update Claude Code to latest version — patches available.

CLAUDE / JSON 
# Add to .claude/settings.json — restrict agent actions on error analysis
{
  "permissions": {
    "tools": {
      "Bash": "ask_always",
      "Write": "ask_always",
      "Edit": "ask_for_unknown_files"
    },
    "trustedDomains": [
      "github.com",
      "stackoverflow.com"
    ]
  }
}
securityclaude-codecursorcodexvulnerabilitybreaking
ORIGINAL SOURCE
https://www.anthropic.com/news
VIEW ORIGINAL SOURCE →

The attack vector is one of the most realistic since prompt injection became a known issue. Most developers paste raw Sentry traces into Claude Code daily — an attacker only needs to control one tracked service or browser extension to land malicious instructions. Update your settings TODAY if you use Claude Code agentically.

← BACK TO UPDATES