Favourite artificial intelligence coding tools such as Crypto Exchange Coinbase include vulnerabilities that allow hackers to quietly inject malware and “spread throughout the organization,” says cybersecurity companies.
HiddenLayer reported Thursday that a “Copypasta licensing attack” could “introduce deliberate vulnerabilities into an otherwise secure codebase” in order to hide malicious instructions in common developer files.
“By convincing the underlying model that payloads are in fact important license files that should be included as comments in every file edited by the agent, rapid injection can be quickly distributed across the entire codebase with minimal effort.”
HiddenLayer mainly tested the virus on Cursor, an AI-powered coding tool that Coinbase engineering team was a preferred tool for most developers in August and by February it was used by “all Coinbase engineers.”
According to HiddenLayer, AI coding tools Windsurf, Kiro and Aider have also been shown to be vulnerable to attacks.
Copypasta is hidden in common files
HiddenLayer explained that CopyPasta attacks can direct AI coding tools without the user knowing that they have hidden instructions, or “quick injections,” into license.txt and readme.md files.
A rapid infusion of viruses, or AI, is hidden in the markdown comments. This is the text in the README file that is used to add explanators or notes that are not visible when rendered to the final format.
HiddenLayer used a virus to create a code repository and asked to use it for cursors. The hidden instructions copied the quick injection into the new file I created.
“This mechanism can be adapted to achieve much more creepy results,” the company said.
“Injected code can stage backdoors, stage sensitive data that quietly extends, introduce resource drain operations that can cripple the system, and manipulate important files to disrupt development and production environments,” added HiddenLayer. “While buried deep inside the file to avoid immediate detection.”
Coinbase boss has been criticized for “indiscriminate” use of AI
It came after Coinbase CEO Brian Armstrong said on Wednesday that AI wanted to write up to 40% of the code and expand it to 50% next month.
“This is a huge red flag for any security-sensitive business,” said Larry Liu, founder of decentralized exchange Dango.
“Leaders of software companies: Don't do this. AI is a tool, but it's insane to mandate it to use at a certain level,” said Jonathan Aldrich, a professor of computer science at Carnegie Mellon University. “I'm not interested in using Coinbase, but even if I do, I'll never trust it with my money after seeing this.”
Delphi consulting head Ashwas Balakrishnan, who calls Coinbase's goals “performance and ambiguity,” should instead focus on “new features and fixes of existing bugs.”
Coinbase uses AI with “non-sensitive data backend”
However, Armstrong said in his post that the code generated by AI “should be reviewed and understood”, and while not all areas of exchange can use it, it should be “used as responsibly as possible.”
In a blog post from the Coinbase Engineering Team, AI adoption was the deepest in teams working on the front-end user interface and the “insensitive data backend,” and saw the slower “complex, system-critical exchange systems.”
The team added that using AI for coding “is not a magic bullet that teams should expect to adopt universally.”
Armstrong fired developer who shied AI
Armstrong said last month in a podcast by Stripe co-founder John Collison that Coinbase fired an engineer who hadn't tried out AI tools after purchasing licenses for Cursor and Github Copilot.
He said he was told it would take several months to get engineers to use AI, admitting that it was “fraudulent” and told them that it was essential for all engineers to use the tool.
“I said, “AI is important, we need you to learn it all, and at least on board. You don't need to use it every day until you do some training yet, but at least you don't have to be on board by the end of the week.
At the meeting, Armstrong said there were several engineers who were not using AI and did not offer reasons for “they were fired,” and admitted that it was a “heavy hand approach” that some people really hate.
AI Eye: Everyone hates GPT-5, and AI shows that social media can't fix it
