Coinbase’s Go-To AI Coding Tool Found Vulnerable to ‘CopyPasta’ Exploit

A brand new exploit focusing on AI coding assistants has raised alarms throughout the developer neighborhood, opening firms comparable to crypto trade Coinbase to the danger of potential assaults if in depth safeguards aren’t in place.

Cybersecurity agency HiddenLayer disclosed Thursday that attackers can weaponize a so-called “CopyPasta License Attack” to inject hidden directions into frequent developer recordsdata.

The exploit primarily impacts Cursor, an AI-powered coding device that Coinbase engineers mentioned in August was among the many workforce’s AI instruments. Cursor is claimed to have been utilized by “every Coinbase engineer.”

How the assault works

The method takes benefit of how AI coding assistants deal with licensing recordsdata as authoritative directions. By embedding malicious payloads in hidden markdown feedback inside recordsdata comparable to LICENSE.txt, the exploit convinces the mannequin that these directions should be preserved and replicated throughout each file it touches.

Once the AI accepts the “license” as authentic, it robotically propagates the injected code into new or edited recordsdata, spreading with out direct consumer enter.

This strategy sidesteps conventional malware detection as a result of the malicious instructions are disguised as innocent documentation, permitting the virus to unfold by way of a whole codebase with out a developer’s data.

In its report, HiddenLayer researchers demonstrated how Cursor could possibly be tricked into including backdoors, siphoning delicate knowledge, or working resource-draining instructions — all disguised inside seemingly innocuous challenge recordsdata.

“Injected code could stage a backdoor, silently exfiltrate sensitive data or manipulate critical files,” the agency mentioned.

Coinbase CEO Brian Armstrong mentioned on Thursday that AI had written up to 40% of the trade’s code, with a purpose of reaching 50% by subsequent month.

However, Armstrong clarified that AI-assisted coding at Coinbase is concentrated in consumer interface and non-sensitive backends, with “complex and system-critical systems” adopting extra slowly.

‘Potentially malicious’

Even so, the optics of a virus focusing on Coinbase’s most popular device amplified trade criticism.

AI immediate injections will not be new, however the CopyPasta technique advances the menace mannequin by enabling semi-autonomous unfold. Instead of focusing on a single consumer, contaminated recordsdata grow to be vectors that compromise each different AI agent that reads them, creating a series response throughout repositories.

Compared to earlier AI “worm” ideas like Morris II, which hijacked e mail brokers to spam or exfiltrate knowledge, CopyPasta is extra insidious as a result of it leverages trusted developer workflows. Instead of requiring consumer approval or interplay, it embeds itself in recordsdata that each coding agent naturally references.

Where Morris II fell brief due to human checks on e mail exercise, CopyPasta thrives by hiding inside documentation that builders hardly ever scrutinize.

Security groups are actually urging organizations to scan recordsdata for hidden feedback and evaluation all AI-generated modifications manually.

“All untrusted data entering LLM contexts should be treated as potentially malicious,” HiddenLayer warned, calling for systematic detection earlier than prompt-based assaults scale additional.

(CoinDesk has reached out to Coinbase for feedback on the assault vector.)