A new vulnerability has been exposed in AI coding tools, raising security concerns about Coinbase's aggressive AI policies.

A new AI coding vulnerability can silently spread malware throughout the codebase through hidden Markdown instructions, raising widespread concerns in the cybersecurity and crypto assets communities. Cybersecurity company HiddenLayer pointed out that several AI assistants, including the tool Cursor preferred by Coinbase employees, possess this vulnerability. This discovery has intensified criticism from developers and security experts regarding Coinbase CEO Brian Armstrong's aggressive AI promotion policy, as he has stated that 40% of Coinbase's code is written by AI and has fired engineers who refused to use the tool.

“CopyPasta License Attack”: AI Coding Assistants Face Malware Threat

According to a report by the cybersecurity company HiddenLayer, a vulnerability known as the “CopyPasta License Attack” exploits how AI tools parse common developer files such as LICENSE.txt and README.md. By embedding malicious instructions in Markdown comments (which are usually hidden in the rendered view), attackers can manipulate AI coding assistants to spread malware without the developers' knowledge.

HiddenLayer pointed out in a report: “The injected code can deploy backdoors, steal sensitive data, or manipulate critical systems, all of which are hidden deep within the files, making them difficult to detect immediately.” The company used Coinbase's AI coding assistant Cursor, adopted by each engineer since February, as an example to demonstrate this vulnerability. HiddenLayer also stated that other tools such as Windsurf, Kiro, and Aider have similar vulnerabilities.

This concern arose after Coinbase CEO Brian Armstrong announced that AI is now writing 40% of the company's code. His goal is to increase this proportion to 50% next month. The statement immediately drew criticism from cybersecurity experts, developers, and insiders in the Crypto Assets industry, who warned of the significant risks associated with the mandatory adoption of AI. Larry Lyu, founder of the decentralized exchange Dango, called it a “huge warning sign for any security-sensitive business.” Carnegie Mellon University professor Jonathan Aldrich described the policy as “insane” and stated that he would no longer trust Coinbase's funds after hearing about it.

Coinbase Defense and Internal Disputes

Despite facing strong opposition, Armstrong still defended the initiative, stating that AI-generated code must be reviewed and will not be used in all parts of the business. Coinbase's engineering team clarified in a blog post that the use of AI is more common in front-end and less sensitive systems, while “system-critical trading systems” are managed more cautiously.

However, Armstrong admitted in a podcast with Stripe co-founder John Collison that he had aggressively pushed for AI onboarding and even fired engineers who refused to use these tools. “I was pretty crazy back then,” Armstrong said, “they were fired.”

TIME magazine named Coinbase as the “Most Influential Company” of 2025

As reported, TIME magazine has selected Coinbase as one of the 100 most influential companies of 2025, calling this crypto assets trading platform a “disruptor” for its significant role in shaping U.S. digital asset policy and market. TIME magazine pointed out that the trading platform is a key force driving industry policy efforts and predicts that Coinbase may become a central hub for crypto trading in the U.S. Furthermore, Coinbase is also expanding its business in Europe, having obtained a license under the EU MiCA regulatory framework through the Luxembourg financial regulatory authority.

Conclusion

The exposure of the AI coding tool vulnerability has led people to reassess how to balance security and risk while pursuing technological advancement and efficiency. Coinbase's aggressive AI adoption policy has raised serious concerns within the community, especially in an industry that is centered on trust and security. Although Coinbase has been named a “disruptor” by TIME magazine and has made progress in its global expansion, the emergence of this vulnerability and internal controversies serve as a reminder to all companies, particularly in the financial sector, that they must approach any risks that may affect system integrity and the security of user funds with the utmost rigor. In the context of rapidly adopting new technologies, ensuring that human oversight and security review mechanisms are robust enough will be key to determining the future success or failure of enterprises.

TXT0.02%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 17
  • 1
  • Share
Comment
0/400
GateUser-8f30af0evip
· 10-03 23:33
Hold on tight, we are about to To da moon 🛫
View OriginalReply0
SOYLUvip
· 09-23 10:23
1000x Vibes 🤑
Reply0
KİNGLİONvip
· 09-09 21:55
Ape In 🚀
Reply0
KİNGLİONvip
· 09-09 21:55
Ape In 🚀
Reply0
GateUser-36168621vip
· 09-08 12:20
Steadfast HODL💎
View OriginalReply0
GateUser-36168621vip
· 09-08 12:20
Steadfast HODL💎
View OriginalReply0
Sub-account1vip
· 09-08 06:38
Hold on tight, we are about to To da moon 🛫
View OriginalReply0
Sub-account1vip
· 09-08 06:38
Steadfast HODL💎
View OriginalReply0
Sub-account1vip
· 09-08 06:38
Just go for it💪
View OriginalReply0
Sub-account1vip
· 09-08 06:34
GT is king 👑
View OriginalReply0
View More
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate App
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)