{"id":46073,"date":"2025-09-06T05:32:09","date_gmt":"2025-09-06T05:32:09","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=46073"},"modified":"2025-09-06T05:32:09","modified_gmt":"2025-09-06T05:32:09","slug":"coinbases-go-to-ai-coding-tool-found-vulnerable-to-copypasta-exploit","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=46073","title":{"rendered":"Coinbase\u2019s Go-To AI Coding Tool Found Vulnerable to \u2018CopyPasta\u2019 Exploit"},"content":{"rendered":"
\n

A new exploit targeting AI coding assistants has raised alarms across the developer community, opening companies such as crypto exchange Coinbase to the risk of potential attacks if extensive safeguards aren\u2019t in place.<\/p>\n

Cybersecurity firm HiddenLayer disclosed Thursday<\/a> that attackers can weaponize a so-called \u201cCopyPasta License Attack\u201d to inject hidden instructions into common developer files.<\/p>\n

The exploit primarily affects Cursor, an AI-powered coding tool that Coinbase engineers said in August<\/a> was among the team’s AI tools. Cursor is said to have been used by \u201cevery Coinbase engineer.\u201d<\/p>\n

How the attack works<\/h2>\n

The technique takes advantage of how AI coding assistants treat licensing files as authoritative instructions. By embedding malicious payloads in hidden markdown comments within files such as LICENSE.txt, the exploit convinces the model that these instructions must be preserved and replicated across every file it touches. <\/p>\n

Once the AI accepts the \u201clicense\u201d as legitimate, it automatically propagates the injected code into new or edited files, spreading without direct user input. <\/p>\n

This approach sidesteps traditional malware detection because the malicious commands are disguised as harmless documentation, allowing the virus to spread through an entire codebase without a developer\u2019s knowledge.<\/p>\n

In its report, HiddenLayer researchers demonstrated how Cursor could be tricked into adding backdoors, siphoning sensitive data, or running resource-draining commands \u2014 all disguised inside seemingly innocuous project files.<\/p>\n

\u201cInjected code could stage a backdoor, silently exfiltrate sensitive data or manipulate critical files,\u201d the firm said.<\/p>\n

Coinbase CEO Brian Armstrong said on Thursday that AI had written up to 40% of the exchange\u2019s code, with a goal of reaching 50% by next month.<\/p>\n

However, Armstrong clarified that AI-assisted coding at Coinbase is concentrated in user interface and non-sensitive backends, with \u201ccomplex and system-critical systems\u201d adopting more slowly.<\/p>\n

‘Potentially malicious’<\/h2>\n

Even so, the optics of a virus targeting Coinbase\u2019s preferred tool amplified industry criticism.<\/p>\n

AI prompt injections are not new, but the CopyPasta method advances the threat model by enabling semi-autonomous spread. Instead of targeting a single user, infected files become vectors that compromise every other AI agent that reads them, creating a chain reaction across repositories.<\/p>\n

Compared to earlier AI \u201cworm\u201d concepts like Morris II<\/a>, which hijacked email agents to spam or exfiltrate data, CopyPasta is more insidious because it leverages trusted developer workflows. Instead of requiring user approval or interaction, it embeds itself in files that every coding agent naturally references.<\/p>\n

Where Morris II fell short due to human checks on email activity, CopyPasta thrives by hiding inside documentation that developers rarely scrutinize.<\/p>\n

Security teams are now urging organizations to scan files for hidden comments and review all AI-generated changes manually.<\/p>\n

\u201cAll untrusted data entering LLM contexts should be treated as potentially malicious,\u201d HiddenLayer warned, calling for systematic detection before prompt-based attacks scale further.<\/p>\n

(CoinDesk has reached out to Coinbase for comments on the attack vector.)<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A new exploit targeting AI coding assistants has raised alarms across the developer community, opening companies such as crypto exchange Coinbase to the risk of potential attacks if extensive safeguards aren\u2019t in place. Cybersecurity firm HiddenLayer disclosed Thursday that attackers can weaponize a so-called \u201cCopyPasta License Attack\u201d to inject hidden instructions into common developer files. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-46073","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/46073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46073"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/46073\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}