Security researchers have found a way to hijack AI coding agents with nothing but a fake bug report. They call it Agentjacking. It needs no malware, no stolen password, and no breach of the target.