Recent cybersecurity research has uncovered a new vulnerability in the programming AI tool Cursor, which is used by Coinbase. This vulnerability allows attackers to hide malicious instructions in standard developer files.
What is the CopyPasta License Attack?
Cybersecurity firm HiddenLayer discovered a vulnerability termed the 'CopyPasta License Attack'. This vulnerability enables hackers to embed malicious instructions in standard developer files such as LICENSE.txt and README.md. The injections, delivered as prompt injections in markdown comments, trick the AI into recognizing them as essential, allowing harmful code to be silently spread across an organization’s codebase.
Risks for Developers
By disguising the virus as a critical license file comment, attackers can quickly distribute malicious payloads with minimal user interaction. The potential implications are severe, including the creation of backdoors, theft of confidential data, and corruption of critical files vital for both development and production environments.
Overall Impact on AI Tools
HiddenLayer's tests demonstrated that Cursor automatically copied the infected prompt injections to new files it created, showcasing the ease with which malware can propagate via this exploit. Importantly, this threat is not limited to Cursor. Other AI programming tools, including Windsurf, Kiro, and Aider, have also been reported to share this vulnerability, emphasizing the growing cybersecurity challenge in AI-assisted software development.
This vulnerability raises serious questions about the security of using AI tools in programming and the need for rigorous scanning and approval processes to safeguard codebases.
