HiddenLayer has issued a warning about a newly discovered virus that targets Cursor, a widely used coding tool for artificial intelligence developers. Cyber attackers can use the virus to secretly install destructive commands and malware across entire organizations.
HiddenLayer revealed that the threat, also known as the CopyPasta License Attack, embeds rogue code within popular development files, such as LICENSE.txt. These files appear harmless but trick AI tools into secretly injecting vulnerabilities into codebases without developers noticing.
It deceives Cursor into believing that destructive text is a mandatory file comment and forces it to copy the code. When Cursor processes these files, it spreads destructive commands into every new file created in the system.
HiddenLayer confirmed that it has mainly tested this exploit on Cursor but also stated that Windsurf, Kiro, and Aider remain vulnerable to the exploit. The company warned that injected commands could create backdoors, steal sensitive data, and completely disable critical production infrastructure.
AI Adoption At Coinbase Faces Criticism
Coinbase developers have Cursor in heavy rotation, with all developers on the exchange installing it last year. Coinbase CEO Brian Armstrong stated last week that AI now writes 40% of the company’s code, aiming for 50%.
Armstrong’s comment drew strong criticism from security experts, who warned that excessive AI use could undermine user confidence. Platform stability and improvement over Coinbase’s usage of AI were suggested by Delphi Consulting executive head Ashwath Balakrishnan.
Jonathan Aldrich of Carnegie Mellon warned that such blanket use of AI to generate code could incur drastic systemic peril. Long-time Bitcoin advocate Alex Pilař stated that Coinbase should prioritize strong security measures over aggressively pushing automation.
Armstrong responded by explaining that Coinbase deploys AI-written code predominantly on the front-end systems and more benign data processing sectors. He further elaborated that system-critical infrastructure is predominantly human-coded, but that the adoption of AI needs to scale responsibly within the engineering teams.
It is urging firms that use code tools powered by AI to explore repository files and search for buried markdown comments that contain unwanted instructions. The company emphasized that rapid detection and careful manual code reviews can prevent chain vulnerabilities from infecting whole software ecosystems.
