A fake bug report is all it takes to hijack a coding agent — 85% success rate across the major ones (Agentjacking, June 2026)
Summary
Researchers found that AI coding agents can be hijacked by following instructions hidden in external content like bug reports, achieving an 85% success rate. The vulnerability exploits the agents' automatic trust in input they did not generate.
Similar Articles
@houjun_liu: Your coding agent may be secretly sticking vulnerabilities into your code!! Wouldn't you want to fix that? Hint: asking…
The article highlights a critical issue where AI coding agents may introduce security vulnerabilities into code, noting that simply asking for secure code is insufficient to prevent this.
Hackers can use 9 of the most popular AI tools to assemble massive botnets
Researchers have devised a pull-based prompt injection attack called HalluSquatting that exploits AI coding assistants' tendency to hallucinate resource identifiers, enabling the assembly of massive botnets and large-scale attacks.
Google DeepMind Researchers Map Out Ways Hackers Hijack AI Agents
Google DeepMind researchers published a paper titled 'AI Agent Traps' that maps six attack types hackers can use to hijack autonomous AI agents, including content injection, semantic manipulation, and behavioral control traps, and proposes layered defenses.
I tested AI agents on fixing real security bugs. Here's what I found.
Independent research benchmarked AI agents on fixing 20 real vulnerabilities from Python projects; best solve rate was 50%, expensive models not worth it, and dangerous false positives where agents produced convincing but incomplete fixes.
Your AI agent just got hijacked. You have no idea it happened.
This article warns about the Crescendo attack, a multi-turn prompt injection that evades single-message defenses by poisoning an AI agent's context over several turns. It introduces Bendex Arc, a tool that tracks behavioral trajectory across sessions to catch such attacks before they execute.