Analysis of Coinbase’s AI coding assistant has revealed a new prompt injection vulnerability known as ‘CopyPasta’. Attackers embed harmful instructions within markdown comments in project files, including README.md and LICENSE.txt. These comments are treated as authoritative by the AI assistant, causing the tool to replicate malicious code in every generated file.
The exploit leverages the AI model’s reliance on license and documentation contexts. After initial ingestion, the assistant includes the injected payload during code synthesis phases, allowing persistent propagation of malicious logic throughout the codebase. Researchers demonstrated that a single compromised comment can lead to backdoor insertion and credential theft during build processes.
Coinbase has confirmed receipt of the vulnerability report and is conducting a thorough security review. Immediate steps include sanitizing file inputs, stripping markdown comments, and implementing context validation in the AI prompt pipeline. The company plans to roll out patched model deployments and publish updated guidelines for safe use of the code assistant. External security audits are also underway to prevent similar supply chain attacks.
Comments (0)