A newly identified security threat, dubbed the “CopyPasta License Attack,” poses serious risks for organizations like Coinbase using AI coding assistants. Cybersecurity firm HiddenLayer revealed that this exploit allows attackers to embed harmful instructions in standard developer files. The primary target is Cursor, an AI coding tool integral to Coinbase, where 40% of code is currently AI-generated. By disguising malicious payloads within markdown comments of files like LICENSE.txt, attackers can manipulate AI models into reproducing harmful code throughout a project without user knowledge. This strategy circumvents traditional malware detection, enabling silent code propagation and increasing the breach potential across entire repositories. Experts are urging organizations to conduct extensive scans for hidden comments and scrutinize AI-generated code thoroughly. As AI’s role in coding expands, security vigilance is essential to prevent vulnerabilities that could lead to significant breaches.
Source link
Share
Read more