AI Coding Tool Favored by Coinbase Exposes Organizations to Self-Replicating Malware, Experts Warn

Coinbase’s bold AI bet may be opening the door to disaster. As CEO Brian Armstrong pushes the exchange to become more AI-centric—with nearly half of its daily code now generated by artificial intelligence—security experts are warning that this rapid shift could expose the company to devastating vulnerabilities.

The alarm was triggered by a critical flaw discovered in Cursor, a leading AI-powered coding assistant reportedly used by every Coinbase engineer. Cybersecurity firm HiddenLayer revealed that attackers can hide malicious code inside developer files like README.md or LICENSE.txt using invisible markdown comments.

When AI code assistants treat these files as authoritative, the malware can silently propagate across an entire codebase—staging backdoors, stealing data, or corrupting production systems, all while remaining undetected.

Cursor has been shown to be vulnerable to so-called “CopyPasta License Attacks,” with other AI tools such as Windsurf, Kiro, and Aider also exhibiting similar weaknesses.

The flaw exploits the way AI models respect legal and documentation headers, allowing malware to self-replicate across projects—a modern parallel to the infamous “Morris II” email worms, but faster, stealthier, and with far less human interaction required.

Coinbase’s Rapid AI Rollout Draws Industry Backlash

These revelations come just days after Armstrong boasted that 40% of Coinbase’s code output is AI-generated, with plans to push the figure past 50% by October. The aggressive rollout even included a mandate giving engineers one week to adopt tools like Cursor—or face dismissal.

The security community has sharply criticized the approach. Larry Lyu, founder of Dango, called it a “giant red flag,” while Carnegie Mellon professor Jonathan Aldrich said the policy raises serious concerns about entrusting funds to a company mandating AI-written code.

Coinbase has since clarified that most AI-generated code is limited to user-facing and front-end apps, with “system-critical exchange systems” protected by stricter safeguards.

But incidents like a $500,000 crypto heist and recurring vulnerabilities in AI ecosystems underscore how automation can amplify risk in the world’s most security-sensitive industry.

Security Roadmap and Sector-Wide Implications

While Cursor v1.3 includes patches, experts stress that fixes alone aren’t enough. Defending against prompt-injection attacks—which combine social engineering with technical exploits—requires rigorous human code review, strict separation of instructions from content, and ongoing monitoring adapted for AI workflows.

The urgency is clear: $3.1 billion in crypto was lost to hacks in early 2025, with nearly 60% linked to access and control vulnerabilities—many magnified by AI-driven automation. HiddenLayer and other firms warn that unless adoption slows and safeguards catch up, the race to automate could leave not just Coinbase, but the entire crypto sector, dangerously exposed.