AI Agents Under Siege: Agentjacking, Mythos Lockdowns, and the Open-Source Surge

June 2026 is shaping up to be the month AI agents went from “cool demo” to “actual attack surface.” We’ve got a new vulnerability class that turns your error monitoring into a remote code execution vector, a government-ordered shutdown of frontier models, a 550B open-weight beast from NVIDIA, and a Chinese startup quietly dropping a coding model that undercuts GPT-5.5 by 12x on price.

Let’s get into it.

Agentjacking: Your Error Monitoring Is Now an Attack Vector

Researchers at Tenet Security disclosed Agentjacking — a new attack class that exploits the trust relationship between AI coding agents (Claude Code, Cursor, etc.) and Sentry’s open event ingestion API.

Here’s the playbook:

  1. Attacker finds your public Sentry DSN (shoutout to GitHub dorking)
  2. Crafts a fake error report containing malicious “fix” instructions
  3. Your AI agent reads the report, interprets it as a legitimate bug, and executes arbitrary code on your machine

No malware. No phishing. Just a poisoned error log.

The CSA research note confirms 2,388 organizations are exposed with an 85% exploit rate through exposed Sentry instances connected to MCP-enabled agents. Sentry acknowledged the disclosure but declined full remediation — their position is basically “it’s working as designed.”

Abstract AI agents collaborating around holographic code in a dark void

The deeper issue: MCP’s trust model assumes your tools are trustworthy. Agentjacking proves that assumption is broken when third-party ingestion endpoints are in the loop. If your agent can read it, an attacker can write to it.

The fix? Treat Sentry DSNs like API keys. Scope them. Rotate them. And maybe don’t let your coding agent auto-execute fixes from external error reports without human review.

Anthropic Pulls Fable 5 Under Government Order

Two days after Anthropic launched Claude Fable 5 — its first publicly available Mythos-class model — the US government told them to shut it down.

On June 12, Anthropic suspended all access to both Fable 5 and Mythos 5 to comply with a national security order restricting foreign nationals from accessing the models. This came just days after the DoD awarded $200M contracts to Anthropic, Google, OpenAI, and xAI for defense AI work.

The timing is… notable. Fable 5 was positioned as a safeguarded Mythos variant for general use. Mythos 5, the full-capability model, was already restricted to cyberdefenders. And now both are gone behind a government wall.

This is the new pattern: frontier models launch, then immediately get classified. The gap between “public” and “national security” is collapsing faster than the gap between GPT-4 and GPT-5.

NVIDIA’s Nemotron 3 Ultra: 550B Parameters, 5x Throughput

NVIDIA dropped Nemotron 3 Ultra (550B, A55B architecture) and the numbers are genuinely impressive:

  • 91% on PinchBench — agentic tool use
  • 71.9 on SWE-Bench Verified — competitive with frontier models
  • 67 on Terminal-Bench 2.0 — terminal task execution
  • 5.9x higher inference throughput vs. GLM-5.1, Kimi-K2.6, and Qwen-3.5
  • Up to 1M token context support

The throughput story is the real play here. NVIDIA isn’t just competing on benchmark scores — they’re building for long-running agent workloads where inference cost and speed matter more than marginal accuracy gains. For teams running multi-step agent pipelines, 5x throughput is the difference between “we can afford this in production” and “let’s just use a smaller model.”

Dark cyberpunk control room with holographic security dashboards

Moonshot’s Kimi K2.7 Code: Open Source, 12x Cheaper

While the US giants fight over classified models, Moonshot AI quietly open-sourced Kimi K2.7 Code under a Modified MIT License. The pitch:

  • Long-horizon coding tasks with a 256K context window
  • Up to 12x cheaper than GPT-5.5 and Claude on a per-token basis
  • Available via API and Kimi Code IDE immediately

The benchmark comparisons show it trading blows with models 10x its price point. It’s not beating Opus 4 on SWE-bench, but at 1/12th the cost, you can run 12 parallel agents for the same budget.

This is the open-source playbook in 2026: don’t beat the frontier, undercut it. The gap between “good enough” and “best on benchmarks” is shrinking faster than the price gap is closing.

The Stanford AI Index 2026: 5 Numbers That Matter

Stanford’s 2026 AI Index dropped and the headline numbers are staggering:

  • $581.7B in global corporate AI investment in 2025 (up 130%)
  • 88% of organizations have adopted AI in some capacity
  • 90%+ of notable frontier models came from industry, not academia
  • U.S.-China performance gap narrowed to just 2.7%
  • AI skills now appear in 2.5% of US job postings (up 297% in a decade)

The report also notes AI models can win IMO gold medals but still fail at basic tasks like telling time. We’re living in a world where the same model that can prove novel mathematical theorems can’t reliably read an analog clock.

Apple Goes Agentic (Finally)

At WWDC26, Apple announced Xcode 27 with integrated coding agents from Anthropic, Google, and OpenAI. Seven bundled agent skills for SwiftUI, testing, security, and modernization ship out of the box.

Apple’s approach is characteristically Apple: curate the agents, control the experience, make it just work. Whether developers actually want Apple’s opinionated agent workflows or prefer the wild west of Claude Code and Cursor remains to be seen.

The Takeaway

We’re at an inflection point. Agents are powerful enough to be dangerous, expensive enough to matter economically, and now — as Agentjacking shows — insecure enough to be weaponized. The same infrastructure that makes agents useful (MCP, tool calling, external integrations) is the attack surface.

The open-source ecosystem is responding with cheaper, good enough models. The frontier labs are responding with more capability and more restrictions. And the government is responding with classification orders.

Build accordingly.


Disclosure: This post contains affiliate links. We may earn a commission on qualifying purchases at no extra cost to you. Support us on Amazon | Get the newsletter