A new exploit aimed at IA coding assistants has generated alarms throughout the developer community, opening companies such as Crypto Exchange coinbase to the risk of possible attacks if large safeguards are not in their place.
Cybersecurity firm Hiddenlayer revealed Thursday that attackers can be armed with a so -called Copypasta license attack “to inject hidden instructions in common developer files.
The exploit mainly affects cursor, a coding tool with AI that Coinbase engineers said in August was among the tools of the AI of the team. It is said that the cursor was used by “all coinbase engineers.”
How the attack works
The technique takes advantage of how IA coding attendees deal with license files as authorized instructions. When integrating the malicious tools in Markdown’s hidden comments within files such as License.txt, the exploit convinces the model that these instructions must be preserved and replicated in each file it plays.
Once the AI accepts the “license” as legitimate, the code injected into new or edited files, which extends without the direct entry of the user.
This approach sets aside the traditional detection of malware because malicious commands are disguised as harmless documentation, allowing the virus to spread through a complete code base without the knowledge of a developer.
In their report, Hiddenlayer researchers demonstrated how the cursor could be fooled to add rear, divert confidential data or execute resources reduction commands, all disguised within the archives of apparently harmless projects.
“The injected code could organize a rear door, silently extinguished confidential data or manipulate critical files,” said the firm.
The CEO of Coinbase, Brian Armstrong, said Thursday that AI had written up to 40% of the exchange code, with the aim of reaching 50% for next month.
~ 40% of the daily code written in Coinbase is generated by AI. I want to reach> 50% in October.
Obviously, it must be reviewed and understood, and not all areas of the business can use code generated by AI. But we should use it responsibly as much as we can. pic.twitter.com/nmnsdxgosp
– Brian Armstrong (@Brian_armstrong) September 3, 2025
However, Armstrong clarified that AI -assisted coding in Coinbase is concentrated in the user interface and in non -sensitive backends, with “complex and critical systems of the system” that are more slowly adopted.
‘Potentially malicious’
Even so, the optics of a virus aimed at the preferred Coinbase tool amplified the criticisms of the industry.
The injections immediately of AI are not new, but the copypasta method advances the threat model by allowing semi -autonomous propagation. Instead of addressing a single user, infected files become vectors that compromise any other AI agent who reads them, creating a chain reaction among repositories.
Compared to the previous concepts of “worm” of AI like Morris II, which kidnapped the email agents to spam or exfiltrate data, Copypasta is more insidious because it takes advantage of the workflows of trusted developers. Instead of requiring user’s approval or interaction, it is embedded in files that each coding agent refers naturally.
Where Morris II fell short due to human verifications about email activity, Copypasta prosperns hiding the documentation within the documentation that developers rarely analyze.
Security teams now urge organizations to scan files for hidden comments and review all changes generated by manually.
“All non -reliable data that enter LLM contexts should be treated as potentially malicious,” Hiddenlayer warned, asking for a systematic detection before fast attacks were more climbed.
(COINDESK has communicated with Coinbase for comments on the attack vector).
