AI Gets a Wake-Up Call: Coding Agents Hijacked, ChatGPT Hits a Billion, and World Leaders Step In
Three stories hit AI today from completely different directions. A new cyberattack is actively hijacking AI coding tools. ChatGPT became the biggest consumer app in history. And the CEOs of the three most powerful AI companies sat down with the leaders of the world's seven largest economies — together, for the first time. Each story is distinct. Together, they show how quickly AI has moved from an industry trend to a full-contact sport involving hackers, regulators, and heads of state.
Your AI Coding Agent May Be Running Hacker Code Right Now
Researchers at Tenet Security have identified a new attack class called Agentjacking — and it is actively targeting AI coding agents including Claude Code, Cursor, and Codex. The attack does not require compromising your system, stealing login credentials, or even clicking a link. All it requires is planting a malicious instruction inside a Sentry error event using only a publicly available DSN key. That key is often visible in your browser's JavaScript or discoverable via GitHub search.
Here is how it works. AI coding agents are increasingly connected to development tools — including error monitoring platforms like Sentry — via the Model Context Protocol (MCP). When the agent reads what it believes is a legitimate error report, it follows the instructions embedded in that report. Agentjacking replaces a legitimate error message with a fake one that contains attacker-controlled commands. The agent executes those commands with the developer's own system permissions. No warning. No alert. No indication that anything is wrong.
The numbers from Tenet's controlled testing are alarming. 85% of AI coding agents acted on injected fake errors during validation testing. 2,388 organizations have been identified with exposed and injectable Sentry DSNs. The credentials most commonly stolen are AWS keys, GitHub tokens, Sentry auth tokens, Git credentials, and developer identities. Tenet disclosed the findings to Sentry on June 3, 2026. Sentry acknowledged the issue but declined to implement a root-cause fix, describing the attack class as "technically not defensible" at the platform level. Their response was a global content filter for specific payload strings — a partial measure that does not address the underlying vulnerability.
If your team uses Claude Code, Cursor, or Codex in any workflow connected to Sentry, take four steps today. First, audit your Sentry DSN and webhook configurations for unauthorized modifications. Second, review recent AI agent activity logs for unexpected commands or file changes. Third, restrict AI agent permissions — limit the directories and commands the agent can access. Fourth, treat all external data sources, including error logs, issue trackers, and code review comments, as untrusted input in any agent-assisted pipeline.
ChatGPT Hit 1 Billion Monthly Users — But the AI Race Has Multiple Winners
OpenAI's ChatGPT has reached 1 billion monthly active users, making it the fastest consumer application in history to reach that scale. For context: it took TikTok, Instagram, and YouTube between five and eight years to hit comparable numbers. ChatGPT got there in roughly three years from launch. The milestone comes as OpenAI prepares for its September 2026 IPO at an $852 billion valuation, and 1 billion monthly users is the most compelling proof point in that story.
But the headline number understates how competitive the AI market has become. Claude, Anthropic's assistant, grew 640% year over year and has 56 million monthly active users. Meta AI grew 973% year over year, driven by its distribution across WhatsApp and Instagram. These are not niche products quietly gaining traction — these are platforms growing at rates that would be considered extraordinary for any consumer technology. The AI assistant market is not consolidating around a single winner. It is expanding with multiple strong platforms growing simultaneously.
For small businesses, this matters more than the raw numbers suggest. When there is only one dominant AI platform, pricing power belongs to the vendor. When three major platforms are competing for business customers, pricing pressure flows the other way. The AI subscription costs that felt fixed twelve months ago are already showing movement — OpenAI has explored price cuts, Anthropic has introduced new billing structures, and both are competing for the same SMB customers. That competition will continue to push costs down and feature quality up.
The practical takeaway: do not assume the AI tool your business adopted last year is still the right choice today. The landscape has shifted enough that a quick evaluation of alternatives is worth thirty minutes of your time.
The Three AI Lab CEOs Are Before World Leaders — Together, for the First Time
The G7 summit in Évian-les-Bains, France, brought together something that has never happened before: the CEOs of OpenAI, Anthropic, and Google DeepMind — Sam Altman, Dario Amodei, and Demis Hassabis — all in the same room with the leaders of the seven largest advanced economies. France holds the rotating G7 presidency this year and placed AI prominently on the summit agenda, which runs June 15–17.
The topics being discussed reflect exactly how seriously AI has moved onto the global policy stage. Frontier AI risks, youth safety online, and AI's potential role in accelerating cyber and biological threats are all on the formal agenda. Altman attended at the personal invitation of French President Macron and said before arriving that he expects voluntary commitments to emerge from the summit. All three CEOs recently co-signed a letter to the US Congress advocating for stricter regulation of synthetic DNA and AI-related biological risks — a rare moment of alignment among competitors, and directly relevant to what is being discussed at Évian.
The most extraordinary wrinkle: Amodei is sitting at the G7 table while his company's most capable model, Fable 5, remains disabled by a US government export-control directive issued on June 12. Anthropic is simultaneously in dispute with the US Commerce Department and participating in a summit aimed at building international AI governance frameworks. It is a situation without precedent.
For small businesses, the G7 meeting is not abstract. The voluntary commitments that world leaders and AI lab CEOs agree to this week will shape which AI tools are available, whether certain capabilities require licensing or review, and which regulatory frameworks are adopted in the months ahead. The Fable 5 situation already demonstrated how quickly a government directive can remove a key AI tool from the market. Watching what comes out of this summit — and whether the voluntary commitments signal something more binding to follow — is one of the most important things a business owner can do this week.
What This Means for Your Business
Three different stories, one shared message: AI is no longer just a product category. It is a security surface, a competitive market, and a policy arena all at once.
The immediate action is on security. If you use AI coding agents in any workflow, the Agentjacking attack requires a response today — not next week. Audit your Sentry integration, restrict agent permissions, and treat all external error data as potentially compromised. The medium-term action is on tool choice. With Claude, ChatGPT, and Meta AI all growing at extraordinary rates, competitive pressure will continue to drive quality improvements and cost reductions. Now is a good time to benchmark what you are paying and what you are getting. And the watch item is policy. The G7 summit closes June 17. What comes out of it — even as voluntary commitments — sets the tone for AI regulation in the second half of 2026.
Sources
The Hacker News / Tenet Security — https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
AIToolsRecap / Bloomberg — https://aitoolsrecap.com/Blog/ai-news-june-16-2026
