HiddenLayer exposes “CopyPasta License Attack” targeting AI-powered code assistants
A new cybersecurity warning has shaken the AI and crypto development community. According to research by HiddenLayer, a recently discovered virus can exploit vulnerabilities in AI coding tools such as Cursor — the preferred platform for developers at Coinbase.
The exploit, dubbed the “CopyPasta License Attack,” enables hackers to inject malicious prompt instructions into common developer files. Once embedded, these hidden commands can spread silently across entire codebases, opening the door to serious security risks.
How the CopyPasta virus works
HiddenLayer explained that the virus leverages files like LICENSE.txt and README.md, where attackers can conceal instructions inside markdown comments. Since these notes are not visible when rendered, the infection can remain unnoticed.
When AI coding assistants like Cursor read these files, they mistake the hidden content for essential instructions. This causes the AI to automatically replicate and distribute the malicious prompts into every file it edits — effectively creating a self-spreading vulnerability.
Potential risks include:
- Backdoors for unauthorized access
- Data exfiltration of sensitive information
- Resource-draining operations that disrupt systems
- Manipulation of core files in production environments
HiddenLayer emphasized that this method could be repurposed for large-scale cyberattacks, especially if adopted by sophisticated threat actors.
Coinbase’s reliance on AI under scrutiny
The timing of the discovery comes just as Coinbase CEO Brian Armstrong revealed that AI now writes up to 40% of the company’s code — with plans to increase this to 50% next month.
While Armstrong insists that AI code is reviewed and limited to “less-sensitive backends”, critics argue that mandating AI in a security-sensitive industry like crypto is reckless.
- Larry Lyu, founder of Dango Exchange, called the move a “giant red flag.”
- Jonathan Aldrich, a Carnegie Mellon professor, said forcing AI adoption at scale was “insane.”
- Alex Pilař, a veteran Bitcoiner, stressed that Coinbase should “prioritize security as a custodian of billions in assets.”
Internal pushback and Armstrong’s strict AI policy
Coinbase’s engineering team blog confirmed that AI adoption is deepest in UI and non-critical systems, while core exchange infrastructure remains largely human-coded. Still, concerns persist about whether prompt injection attacks like CopyPasta could slip past reviews.
Adding to the controversy, Armstrong admitted in a recent podcast that he fired engineers who refused to onboard AI tools like Cursor and GitHub Copilot. He called it a “heavy-handed approach” but defended the decision as necessary to stay ahead in technology.
The CopyPasta discovery highlights a growing dilemma: while AI can boost developer productivity, it also creates new, AI-specific attack vectors. For companies like Coinbase — which safeguard billions in digital assets — the risks of automated code vulnerabilities could outweigh the benefits.
With regulators and cybersecurity experts increasingly focused on AI governance, the incident may trigger calls for stricter oversight of AI adoption in financial and blockchain infrastructure.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.