A new exploitation that targets AI coding assistants has raised alarms across the developer community and opened companies such as Crypto Exchange Coinbase to the risk of potential attacks whose extensive protective measures are not in place.
Cyber Security Company HiddenLayer revealed Thursday that attackers can weapon a so-called “copypasta license attack” to inject hidden instructions into joint developer files.
The utilization primarily affects cursor, an AI-driven coding tool, as Coinbase Engineers said in August was among the team’s AI tools. It is said that the cursor has been used by “any coin base engineer.”
How the attack works
The technique benefits from how AI coding assistants treat licensing files as authoritative instructions. By integrating malicious payload into hidden Markdown comments within files such as License.txt convinces the utilization of the model that these instructions must be preserved and replicated across each file it touches.
When AI accepts the “License” as legitimate, it automatically propagates the injected code in new or edited files and spreads without direct user input.
This approach separates traditional malware detection because the malicious commands are disguised as harmless documentation, allowing the virus to spread through an entire code base without a developer’s knowledge.
In his report, HiddenLayer scientists demonstrated how the cursor could fool into adding back doors, sifoning sensitive data, or running resource drainage commands-all disguised inside seemingly harmless project files.
“Injected code could arrange a back door, silently exfilter sensitive data or manipulate critical files,” the company said.
Coinbase CEO Brian Armstrong said on Thursday that AI had written up to 40% of Exchange’s code with a goal of reaching 50% by next month.
~ 40% of the daily code written on Coinbase is AI-generated. I want it to> 50% in October.
Obviously, it must be reviewed and understood, and not all areas of the company can use AI-generated code. But we had to use it responsibly as much as we might. pic.twitter.com/nmnsdxgosp
– Brian Armstrong (@Brian_armstrong) September 3, 2025
However, Armstrong clarified that AI-Assisted Coding at Coinbase is concentrated in user interface and non-sensitive backends, with “complex and system-critical systems” that adopt slower.
‘Potentially malicious’
Still, reinforced the optics of a virus targeted at Coinbase’s preferred tooling tool, industrial criticism.
AI-fast injections are not new, but the copypasta method promotes the threat model by enabling semi-autonomous spread. Instead of targeting a single user, infected files become vectors that compromise any other AI agent that reads them, creating a chain reaction across warehouses.
Compared to previous AI “Worm” concepts such as Morris II, which hijacked E -Mail agents for spam or exfiltrate data, copypasta is more insidious because it exploits the developer’s workflows. Instead of requiring user authentication or interaction, it is embed in files that every code of code naturally refers to.
Where Morris II came short due to human control by e -mail activity, copypasta thrives by hiding inside the documentation that developers rarely control.
Security teams are now calling on organizations to scan files according to hidden comments and review all AI-generated changes manually.
“All non-confused data that enters LLM contexts must be treated as potentially malicious,” warned Hiddenlayer, calling for systematic detection before the quick-based attack scale further.
(Coindesk has reached Coinbase for comments to the attack vector.)
