A new exploit known as the “CopyPasta License Attack” threatens AI coding assistants, raising concerns within the developer community. Cybersecurity firm HiddenLayer revealed that this attack can embed malicious instructions in common developer files, especially targeting Cursor, a tool utilized by Coinbase engineers. The vulnerability arises from how AI tools interpret licensing files as authoritative, allowing malicious payloads hidden in markdown comments to propagate without user awareness. This method effectively bypasses traditional malware detection since harmful commands are camouflaged as benign documentation. Coinbase CEO Brian Armstrong noted that AI generates around 40% of the exchange’s code, aiming for 50% soon. While AI-assisted coding mainly focuses on non-sensitive areas, the CopyPasta exploit underscores the need for organizations to scan files for hidden threats and review all AI-generated code rigorously. Security experts emphasize that all untrusted data interacting with AI should be considered potentially malicious to prevent broader breaches.
Source link
Share
Read more