A brand new exploit focusing on AI coding assistants has raised alarms throughout the developer group, opening firms resembling crypto trade Coinbase to the danger of potential assaults if in depth safeguards aren’t in place.
Cybersecurity agency HiddenLayer disclosed Thursday that attackers can weaponize a so-called “CopyPasta License Assault” to inject hidden directions into widespread developer recordsdata.
The exploit primarily impacts Cursor, an AI-powered coding device that Coinbase engineers stated in August was among the many crew’s AI instruments. Cursor is claimed to have been utilized by “each Coinbase engineer.”
How the assault works
The approach takes benefit of how AI coding assistants deal with licensing recordsdata as authoritative directions. By embedding malicious payloads in hidden markdown feedback inside recordsdata resembling LICENSE.txt, the exploit convinces the mannequin that these directions should be preserved and replicated throughout each file it touches.
As soon as the AI accepts the “license” as authentic, it robotically propagates the injected code into new or edited recordsdata, spreading with out direct consumer enter.
This strategy sidesteps conventional malware detection as a result of the malicious instructions are disguised as innocent documentation, permitting the virus to unfold by a whole codebase with no developer’s data.
In its report, HiddenLayer researchers demonstrated how Cursor may very well be tricked into including backdoors, siphoning delicate knowledge, or operating resource-draining instructions — all disguised inside seemingly innocuous venture recordsdata.
“Injected code might stage a backdoor, silently exfiltrate delicate knowledge or manipulate essential recordsdata,” the agency stated.
Coinbase CEO Brian Armstrong stated on Thursday that AI had written as much as 40% of the trade’s code, with a objective of reaching 50% by subsequent month.
~40% of every day code written at Coinbase is AI-generated. I need to get it to >50% by October.
Clearly it must be reviewed and understood, and never all areas of the enterprise can use AI-generated code. However we ought to be utilizing it responsibly as a lot as we presumably can. pic.twitter.com/Nmnsdxgosp
— Brian Armstrong (@brian_armstrong) September 3, 2025
Nonetheless, Armstrong clarified that AI-assisted coding at Coinbase is concentrated in consumer interface and non-sensitive backends, with “complicated and system-critical programs” adopting extra slowly.
‘Doubtlessly malicious’
Even so, the optics of a virus focusing on Coinbase’s most well-liked device amplified business criticism.
AI immediate injections usually are not new, however the CopyPasta technique advances the menace mannequin by enabling semi-autonomous unfold. As an alternative of focusing on a single consumer, contaminated recordsdata grow to be vectors that compromise each different AI agent that reads them, creating a series response throughout repositories.
In comparison with earlier AI “worm” ideas like Morris II, which hijacked e mail brokers to spam or exfiltrate knowledge, CopyPasta is extra insidious as a result of it leverages trusted developer workflows. As an alternative of requiring consumer approval or interplay, it embeds itself in recordsdata that each coding agent naturally references.
The place Morris II fell brief on account of human checks on e mail exercise, CopyPasta thrives by hiding inside documentation that builders not often scrutinize.
Safety groups are actually urging organizations to scan recordsdata for hidden feedback and evaluate all AI-generated modifications manually.
“All untrusted knowledge coming into LLM contexts ought to be handled as probably malicious,” HiddenLayer warned, calling for systematic detection earlier than prompt-based assaults scale additional.
(CoinDesk has reached out to Coinbase for feedback on the assault vector.)