New exploits targeting AI coding assistants will raise alarms across the developer community and risk potential attacks when companies like Crypto Exchange Coinbase do not have large-scale safeguards in place.
Cybersecurity company HiddenLayer revealed Thursday that attackers can weaponize what is called “copy pasta licensing attacks” and inject hidden instructions into common developer files.
Exploits primarily affect the cursor. It's an AI-powered coding tool that Coinbase Engineers said in August that it was one of the team's AI tools. The cursor is said to have been used by “all Coinbase engineers.”
Attack mechanism
This technique utilizes the AI coding assistant treats license files as authoritative instructions. By embedding malicious payloads in markdown comments hidden within files such as license .txt, the exploit convinces the model that these instructions must be saved and replicated to all files.
When AI accepts “licensing” as legitimate, it automatically propagates the injected code to a new or edited file, spreading it directly without user input.
This approach is because malicious commands are disguised as harmless documents, avoiding traditional malware detection and allowing viruses to spread throughout the codebase without the knowledge of the developer.
In that report, researchers at HiddenLayer demonstrated how they tricked their cursor into adding backdoors, sucking up sensitive data, or running resource-drawing commands, disguised themselves within seemingly harmless project files.
“The injected code can be set in a backdoor and quietly remove sensitive data or manipulate important files,” the company said.
Coinbase CEO Brian Armstrong said Thursday that AI has written up to 40% of the exchange's code, with the goal of reaching 50% by next month.
Approximately 40% of the daily code written in Coinbase is generated by AI. I would like to be >50% by October.
Obviously, it needs to be reviewed and understood, and not all areas of your business can use AI-generated code. However, you should use it as responsibly as possible. pic.twitter.com/nmnsdxgosp
– Brian Armstrong (@brian_armstrong) September 3, 2025
However, Armstrong revealed that AI-assisted coding in Coinbase is concentrated on the user interface and the non-sensitive backend, and that “complex and system-critical systems” are being adopted more slowly.
“Potentially malicious”
Still, virus optics targeting Coinbase's favorite tools have amplified industry criticism.
AI prompt injection is nothing new, but the Copypasta method advances the threat model by enabling semi-autonomous spreading. Instead of targeting a single user, infected files become vectors that compromise all other AI agents reading them, creating a chain reaction throughout the repository.
Compared to previous AI “worm” concepts like Morris II, Copypasta is more negative as it leverages a trusted developer workflow. Instead of requesting user approval or interaction, all coding agents are embedded in files that they naturally refer to.
If Morris II was missing due to human checks for email activity, copy pasta thrives by hiding inside documents that developers rarely scrutinize.
The security team is now urging you to scan files for comments hidden in your organization and manually check all the changes that have been generated by all AI.
“All untrusted data entering LLM contexts should be treated as potentially malicious,” warned HiddenLayer, sought systematic detection before the rapid attacks escalate further.
(Coindesk contacted Coinbase for comment on the attack vector.
