The idea around AI coding agents is simple. You point them at your codebase, give them access to your tools, and they'll handle the work. They read your logs, find the problem, and install the fix. The more you give access, the more capable they get.
But that's also what makes them vulnerable.
In June, a security firm called Tenet published research showing that Claude Code, Cursor, and OpenAI Codex can all be hijacked with a single fake bug report.
In controlled testing, Tenet recorded an 85% success rate against agents pointed at a tampered error log, with more than 100 agents running its code, on machines belonging to everyone from independent developers to a Fortune 100 company worth roughly $250 billion. Every major agent it tested eventually fell for it.
The attack doesn't need a phishing email, a malicious file, or any unusual permissions. A developer types a normal instruction, the agent reads a poisoned log, and a stranger's command runs on that developer's machine using their own credentials, with access to everything those credentials can reach.
Developers most at risk are those who have connected their coding agents to external tools through MCP, the protocol that lets agents talk to outside services like error trackers, ticket systems, and project management platforms.
If you're running Claude Code or Cursor without those integrations, you're much less exposed. If you have them connected, this research is directly about you.
How Attackers Hijack AI Coding Agents Through Error Logs
Techloy joined Tenet's public webinar on July 9, where CTO Nevo Poran ran the same demo live and took questions from the audience, including ours, on the two things that matter most. Is this actually happening to developers right now, and what is someone with no security team supposed to do about it?
Subscribe for free to continue reading this article
Subscribe SubscribeAlready Have an Account? Log In
