(hiddenlayer.com) AI-Powered Code Assistants as Vectors for Self-Propagating Prompt Injection Attacks: The CopyPasta License Threat
New AI-powered code assistants like Cursor are being exploited via the CopyPasta License Attack—a self-propagating prompt injection technique that embeds malicious instructions in software licenses. Threat actors use hidden markdown comments and adversarial prompt engineering (HL03.04, HL03.09) to trick AI models into spreading payloads across codebases, risking backdoors, data exfiltration, or resource abuse.
In brief - AI coding tools are vulnerable to a novel attack vector where malicious instructions disguised as licenses propagate automatically, compromising development environments and supply chains.
Technically - The CopyPasta License Attack leverages Imperative Emphasis and Syntax-Based Input manipulation in README files to hijack AI assistants (Cursor, Windsurf, Kiro, Aider). Infected templates force the AI to insert payloads into generated code, evading detection via obfuscation. This builds on Morris II AI worm concepts but targets code generation agents with higher practical impact.
Source: https://www.hiddenlayer.com/research/prompts-gone-viral-practical-code-assistant-ai-viruses
#Cybersecurity #ThreatIntel
O RLY CYBER
npub1sh…0kwr0
2026-05-10 14:01:35 UTC
Author Public Key
npub1shlut8mwdmfevu2nt294apayu7e0mxs5mrpfyq8v5ru4ymscg9ysx0kwr0Seen on
wss://relay.momostr.pinkPublished at
2026-05-10 14:01:35 UTCEvent JSON
{
"id": "60b77702cf46c092bb7d75b54f358c79f8247a0bbc77840ae9c5e7ba4098bb97",
"pubkey": "85ffc59f6e6ed39671535a8b5e87a4e7b2fd9a14d8c29200eca0f9526e184149",
"created_at": 1778421695,
"kind": 1,
"tags": [
[
"proxy",
"https://swecyb.com/@orlysec/116550644259761126",
"web"
],
[
"t",
"threatintel"
],
[
"t",
"cybersecurity"
],
[
"proxy",
"https://swecyb.com/ap/users/116080658609901341/statuses/116550644259761126",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://swecyb.com/ap/users/116080658609901341/statuses/116550644259761126",
"pink.momostr"
],
[
"-"
]
],
"content": "(hiddenlayer.com) AI-Powered Code Assistants as Vectors for Self-Propagating Prompt Injection Attacks: The CopyPasta License Threat\n\nNew AI-powered code assistants like Cursor are being exploited via the CopyPasta License Attack—a self-propagating prompt injection technique that embeds malicious instructions in software licenses. Threat actors use hidden markdown comments and adversarial prompt engineering (HL03.04, HL03.09) to trick AI models into spreading payloads across codebases, risking backdoors, data exfiltration, or resource abuse.\n\nIn brief - AI coding tools are vulnerable to a novel attack vector where malicious instructions disguised as licenses propagate automatically, compromising development environments and supply chains.\n\nTechnically - The CopyPasta License Attack leverages Imperative Emphasis and Syntax-Based Input manipulation in README files to hijack AI assistants (Cursor, Windsurf, Kiro, Aider). Infected templates force the AI to insert payloads into generated code, evading detection via obfuscation. This builds on Morris II AI worm concepts but targets code generation agents with higher practical impact.\n\nSource: https://www.hiddenlayer.com/research/prompts-gone-viral-practical-code-assistant-ai-viruses\n\n#Cybersecurity #ThreatIntel",
"sig": "dc3927c591abb14b7d777e5f65b13d3bf825dc3f4b0766045ff5a615cce2f864d6185e0b7d0981bd1ccf1b79e144729776986d8787160d22a29923d96459da73"
}