A new cybersecurity threat, known as the “CopyPasta License Attack,” targets Cursor, an AI-powered coding tool used by many developers, including those at Coinbase. Discovered by HiddenLayer, this vulnerability allows malicious actors to inject harmful code into common developer files like LICENSE.txt and README.md. These hidden “prompt injections” can lead to malware propagation across an organization’s systems without detection. As AI tools like Cursor play an increasingly critical role, vulnerabilities like this highlight significant security risks. Coinbase CEO Brian Armstrong noted up to 40% of their code is AI-generated, raising alarms about potential backdoors and data breaches. Critics argue that AI adoption must include stricter security measures, as tools currently produce inconsistent results in identifying vulnerabilities. The evolving threat landscape emphasizes the importance of robust safeguards and human oversight in development. Organizations are urged to enhance defenses and monitor emerging threats to navigate the challenges posed by AI in cybersecurity.
Source link
