A new exploitation of targeting Ai coding assistants has raised alarms throughout the developer community, the opening of companies such as the Crypto Exchange Coinbase at risk of potential attacks if extensive care is out of place.
Cybersecurity firm hiddenlayer revealed Thursday Attacks can armed a so-called “copypasta license attack” to inject hidden instructions into standard developer files.
Cursor exploitation mainly affects, a coding tool enabled by AI Coinbase engineers said in August are among the team’s AI tools. Cursor is said to have been used by “every Coinbase engineer.”
How does the attack work
The procedure of how helpers treat licensing files as authority instructions. By dedicating malicious payloads to hidden Markdown comments within files such as licenses.txt, exploitation convinces the model that these instructions should be protected and replicated with each file it holds.
When AI accepts the “license” as legitimate, it automatically promotes the injected code in new or edited files, which spreads without direct user input.
This method covers traditional detection of malware because malignant commands are identified as harmless documentation, allowing the virus to spread through an entire codebase without the knowledge of a developer.
In this report, hiddenlayer researchers have shown how the cursor can be tricked by adding to the rear, stopping sensitive data, or resource-operating orders-are all distinguished within seemingly innocent project files.
“The injected code can cut a backdoor, quiet exfiltrate sensitive data or manipulate critical files,” the company said.
COO of Coinbase Brian Armstrong said Thursday that AI was written up to 40% of the exchange code, with the aim of reaching 50% next month.
~ 40% of the daily code written on Coinbase is AI-Generated. I would like to get it to> 50% in October.
It is clear that need to be evaluated and understood, and not all business areas can use AI-generated code. But we should use it responsible as we can. pic.twitter.com/nmnsdxgosp
– Brian Armstrong (@brian_armstrong) September 3, 2025
However, Armstrong made it clear that Ai-Assisted Coding on Coinbase was concentrated in the user interface and was not sensitive to backed, with “complex and system-critical systems” slower.
‘Potentially malicious’
However, the optics of a virus that target Coinbase’s preferred tool has strengthened the criticism of the industry.
AI Prompt injections are not new, but the copypasta method progresses to the threat model by enabling semi-autonomous spread. Instead of targeting a single user, infected files become vectors that compromise each other AI agent who reads them, creating a chain reaction to repositors.
Compared to previous AI Concepts “worms” such as Morris II. Instead of asking the user’s approval or contact, it enters itself into the Coding agent’s natural reference files.
Where Morris II fell because of human checks in email activity, copypasta developed by hiding within the documentation that developers rarely evaluate.
Security teams are now urging organizations to scan files for hidden comments and review all AI-generated changes manually.
“All unbelievable data entering LLM contexts should be treated as potentially malicious,” Hiddenlayer warned, calling for systematic discovery before the immediate scale attack.
(CoinDesk reached Coinbase for vector attack comments.)
