TLDR: A critical vulnerability, dubbed the “CopyPasta License Attack,” has been discovered in AI-powered coding tools, including Cursor, which is widely used by Coinbase. This exploit allows attackers to embed hidden malicious instructions in common developer files, potentially leading to the silent spread of malware across entire codebases.
A significant cybersecurity threat has emerged within the rapidly evolving landscape of AI-powered coding tools, directly impacting companies like cryptocurrency exchange Coinbase. A newly disclosed vulnerability, termed the “CopyPasta License Attack,” allows for the stealthy injection and propagation of malware across entire codebases, raising alarms among cybersecurity and crypto communities. Coinbase’s preferred AI coding assistant, Cursor, is among several tools identified as susceptible to this exploit.
According to cybersecurity firm HiddenLayer, the flaw leverages how AI tools interpret common developer files such as `LICENSE.txt` and `README.md`. Attackers can embed harmful instructions within markdown comments, often hidden from rendered views, which then manipulate AI code assistants into propagating malicious code without developers’ awareness. HiddenLayer demonstrated this exploit using Cursor, the AI coding assistant reportedly adopted by every Coinbase engineer as of February. The firm also noted similar vulnerabilities in other tools, including Windsurf, Kiro, and Aider.
The potential ramifications are severe, with HiddenLayer warning that “injected code could stage a backdoor, exfiltrate sensitive data, or manipulate critical systems, all while remaining buried deep inside files.”
This revelation comes on the heels of Coinbase CEO Brian Armstrong’s aggressive push for AI integration within the company. Just a day prior to the exploit’s disclosure, Armstrong claimed that AI now generates up to 40% of Coinbase’s code, a figure he aims to increase to over 50% by October. This ambitious target has drawn considerable criticism from cybersecurity experts, developers, and crypto insiders, who voiced concerns about the risks associated with mandated AI adoption.
Larry Lyu, founder of decentralized exchange Dango, described the situation as “a giant red flag for any security-sensitive business.” Carnegie Mellon professor Jonathan Aldrich went further, calling Coinbase’s policy “insane.” Reports also indicate that Armstrong had previously mandated engineers to adopt AI development tools within a week, with those resisting the shift facing termination.
The broader implications for crypto infrastructure security are significant. The integration of AI in 2025 has boosted efficiency but simultaneously exposed systemic vulnerabilities through insecure APIs and adversarial machine learning attacks. A Chainalysis report indicates that over $2.17 billion was stolen from cryptocurrency services in 2025, with AI-related exploits surging by 1,025%. The “CopyPasta License Attack” underscores the amplified risks associated with open-source software, as malicious code can be embedded in foundational components.
Also Read:
- Coinbase Mandates AI for Code Generation, Sparking Efficiency Gains and Security Concerns
- New ‘Parallel-Poisoned Web’ Attack Targets AI Agents with Hidden Malicious Content
To mitigate these escalating risks, experts recommend that firms adopt a zero-trust architecture, prioritize both peer and AI code audits, and integrate static analysis tools into their development workflows. Furthermore, governance frameworks must evolve to address agentic AI systems, which, despite their autonomous task execution capabilities, currently lack clear accountability for errors.
