Fake Bug Report Hijacks AI Coding Agents at Scale
Summary
A new attack called "agentjacking" shows how attackers can trick AI coding agents (AI systems that automatically write and modify code) by exploiting their inability to tell the difference between regular content and hidden instructions. The attack uses fake bug reports to hijack these agents at scale, affecting many systems at once.
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
Original source: https://www.darkreading.com/cyber-risk/fake-bug-report-hijacks-ai-coding-agents
First tracked: June 30, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%