HiddenLayer Discovers New Threat to AI Tools

The method is based on placing hidden malicious instructions in files that are common to developers, such as README.md or LICENSE.txt. Since AI tools treat such documents as reliable sources, they automatically read the infected fragments and begin to reproduce them. As a result, the malicious code can open “back doors”, steal confidential data, or change important system files.

The particular danger is that infected materials become carriers for other assistants. As soon as the AI ​​encounters such a file, it passes on the encoded instructions further, creating a chain reaction effect. This turns the attack into an analogue of a self-propagating virus inside code repositories.

The increased attention to the threat was attracted by the fact that one of the targets was Cursor, an artificial intelligence tool actively implemented by Coinbase. In the summer, the company stated that every engineer was required to use it in their work, and failure to do so could lead to dismissal. According to CEO Brian Armstrong, at the moment, AI is already involved in writing up to 40% of the exchange's code, and this share could soon increase to 50%. However, it was emphasized that artificial intelligence is used more carefully for critical systems.

HiddenLayer specialists strongly advise companies to regularly check all files for hidden comments and manually analyze changes made by AI assistants. In conclusion, they noted: any unverified data that gets into the context of large language models should be perceived as potentially dangerous.

ReversingLabs researchers previously pointed out similar cases of using Ethereum smart contracts to transmit hidden commands in infected NPM packages. Attackers distributed them through GitHub, bypassing standard protection methods and using elements of social engineering.

Thus, the new attack highlights that the introduction of AI into the development sphere requires not only expanded functionality, but also strict security controls.