HiddenLayer Research has disclosed a critical vulnerability dubbed the "CopyPasta Attack" affecting Cursor AI and other popular AI coding tools including Windsurf, Amazon's Kiro, and Aider. The exploit allows attackers to inject malicious instructions into commonly ignored files like LICENSE.txt and README.md, which AI coding assistants then mistake as essential requirements and propagate across entire codebases.
The vulnerability poses particular risk to Coinbase, where Cursor has become the preferred AI coding tool. Coinbase CEO Brian Armstrong revealed that 40% of the exchange's daily code is now AI-generated, with a target of exceeding 50% by October 2025. This represents an extraordinary level of dependence for a company securing over $420 billion in digital assets.
Security researchers describe the CopyPasta Attack as "Prompt Injection 2.0," blending social engineering with technical exploits to bypass defenses not designed for AI systems. The attack can stage backdoors, steal sensitive keys, or quietly break systems while remaining buried deep within files to avoid detection.
This disclosure comes amid growing crypto security concerns, with platforms losing over $3.1 billion in the first half of 2025 alone. Nearly 60% of those losses came from access control failures, and AI-powered hacks are playing an increasing role.
HiddenLayer has issued fixes in Cursor version 1.3, but experts warn that patches alone won't solve the broader problem of AI security immaturity in critical financial infrastructure.
