A recently uncovered vulnerability in an AI coding tool, favored by Coinbase, poses serious security risks. Identified by cybersecurity firm HiddenLayer, the “CopyPasta License Attack” allows hackers to inject malware into common developer files, creating deliberate vulnerabilities in otherwise secure codebases. By embedding hidden instructions in files like LICENSE.txt and README.md, the attack can spread across entire organizations without detection. HiddenLayer tested this on Cursor, an AI tool used by Coinbase, which highlighted its potential to facilitate malicious activities like data exfiltration and system disruption. Coinbase CEO Brian Armstrong faced backlash for mandating AI use among engineers, with critics warning this approach is dangerous for security-sensitive businesses. Despite acknowledging the need for code reviews, Coinbase’s extensive AI adoption raises concerns among industry experts about the balance between innovation and security. The implications of such vulnerabilities call for serious reconsideration of AI’s role in software development.
Source link
Share
Read more