8 hours ago
A caller exploit targeting AI coding assistants has raised alarms crossed the developer community, opening companies specified arsenic crypto speech Coinbase to the hazard of imaginable attacks if extended safeguards aren’t successful place.
Cybersecurity steadfast HiddenLayer disclosed Thursday that attackers tin weaponize a alleged “CopyPasta License Attack” to inject hidden instructions into communal developer files.
The exploit chiefly affects Cursor, an AI-powered coding instrumentality that Coinbase engineers said successful August was among the team's AI tools. Cursor is said to person been utilized by “every Coinbase engineer.”
How the onslaught works
The method takes vantage of however AI coding assistants dainty licensing files arsenic authoritative instructions. By embedding malicious payloads successful hidden markdown comments wrong files specified arsenic LICENSE.txt, the exploit convinces the exemplary that these instructions indispensable beryllium preserved and replicated crossed each record it touches.
Once the AI accepts the “license” arsenic legitimate, it automatically propagates the injected codification into caller oregon edited files, spreading without nonstop idiosyncratic input.
This attack sidesteps accepted malware detection due to the fact that the malicious commands are disguised arsenic harmless documentation, allowing the microorganism to dispersed done an full codebase without a developer’s knowledge.
In its report, HiddenLayer researchers demonstrated however Cursor could beryllium tricked into adding backdoors, siphoning delicate data, oregon moving resource-draining commands — each disguised wrong seemingly innocuous task files.
“Injected codification could signifier a backdoor, silently exfiltrate delicate information oregon manipulate captious files,” the steadfast said.
Coinbase CEO Brian Armstrong said connected Thursday that AI had written up to 40% of the exchange’s code, with a extremity of reaching 50% by adjacent month.
However, Armstrong clarified that AI-assisted coding astatine Coinbase is concentrated successful idiosyncratic interface and non-sensitive backends, with “complex and system-critical systems” adopting much slowly.
'Potentially malicious'
Even so, the optics of a microorganism targeting Coinbase’s preferred instrumentality amplified manufacture criticism.
AI punctual injections are not new, but the CopyPasta method advances the menace exemplary by enabling semi-autonomous spread. Instead of targeting a azygous user, infected files go vectors that compromise each different AI cause that reads them, creating a concatenation absorption crossed repositories.
Compared to earlier AI “worm” concepts similar Morris II, which hijacked email agents to spam oregon exfiltrate data, CopyPasta is much insidious due to the fact that it leverages trusted developer workflows. Instead of requiring idiosyncratic support oregon interaction, it embeds itself successful files that each coding cause people references.
Where Morris II fell abbreviated owed to quality checks connected email activity, CopyPasta thrives by hiding wrong documentation that developers seldom scrutinize.
Security teams are present urging organizations to scan files for hidden comments and reappraisal each AI-generated changes manually.
“All untrusted information entering LLM contexts should beryllium treated arsenic perchance malicious,” HiddenLayer warned, calling for systematic detection earlier prompt-based attacks standard further.
(CoinDesk has reached retired to Coinbase for comments connected the onslaught vector.)
English (US) 