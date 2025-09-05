‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

Par : BitcoinEthereumNews
2025/09/05 11:10
Prompt
PROMPT$0.1737+4.89%
Threshold
T$0.01582+0.44%
ChangeX
CHANGE$0.00194844-1.68%
Moonveil
MORE$0.0977-1.99%
BRC20.COM
COM$0.016536-3.89%
Sleepless AI
AI$0.1204+0.24%

In brief

  • HiddenLayer researchers detailed a new AI “virus” that spreads through coding assistants.
  • The CopyPasta attack uses hidden prompts disguised as license files to replicate across code.
  • A researcher recommends runtime defenses and strict reviews to block prompt injection attacks at scale.

Hackers can now weaponize AI coding assistants using nothing more than a booby-trapped license file, turning developer tools into silent spreaders of malicious code. That’s according to a new report from cybersecurity firm HiddenLayer, which shows how AI can be tricked into blindly copying malware into projects.

The proof-of-concept technique—dubbed the “CopyPasta License Attack”—exploits how AI tools handle common developer files like LICENSE.txt and README.md. By embedding hidden instructions, or “prompt injections,” into these documents, attackers can manipulate AI agents into injecting malicious code without the user ever realizing it.

“We’ve recommended having runtime defenses in place against indirect prompt injections, and ensuring that any change committed to a file is thoroughly reviewed,” Kenneth Yeung, a researcher at HiddenLayer and the report’s author, told Decrypt.

CopyPasta is considered a virus rather than a worm, Yeung explained, because it still requires user action to spread. “A user must act in some way for the malicious payload to propagate,” he said.

Despite requiring some user interaction, the virus is designed to slip past human attention by exploiting the way developers rely on AI agents to handle routine documentation.

“CopyPasta hides itself in invisible comments buried in README files, which developers often delegate to AI agents or language models to write,” he said. “That allows it to spread in a stealthy, almost undetectable way.”

CopyPasta isn’t the first attempt at infecting AI systems. In 2024, researchers presented a theoretical attack called Morris II, designed to manipulate AI email agents into spreading spam and stealing data. While the attack had a high theoretical success rate, it failed in practice due to limited agent capabilities, and human review steps have so far prevented such attacks from being seen in the wild.

While the CopyPasta attack is a lab-only proof of concept for now, researchers say it highlights how AI assistants can become unwitting accomplices in attacks.

The core issue, researchers say, is trust. AI agents are programmed to treat license files as important, and they often obey embedded instructions without scrutiny. That opens the door for attackers to exploit weaknesses—especially as these tools gain more autonomy.

CopyPasta follows a string of recent warnings about prompt injection attacks targeting AI tools.

In July, OpenAI CEO Sam Altman warned about prompt injection attacks when the company rolled out its ChatGPT agent, noting that malicious prompts could hijack an agent’s behavior. This warning was followed in August, when Brave Software demonstrated a prompt injection flaw in Perplexity AI’s browser extension, showing how hidden commands in a Reddit comment could make the assistant leak private data.

Generally Intelligent Newsletter

A weekly AI journey narrated by Gen, a generative AI model.

Source: https://decrypt.co/338143/copypasta-attack-shows-prompt-injections-infect-ai-scale

Clause de non-responsabilité : les articles republiés sur ce site proviennent de plateformes publiques et sont fournis à titre informatif uniquement. Ils ne reflètent pas nécessairement les opinions de MEXC. Tous les droits restent la propriété des auteurs d'origine. Si vous estimez qu'un contenu porte atteinte aux droits d'un tiers, veuillez contacter [email protected] pour demander sa suppression. MEXC ne garantit ni l'exactitude, ni l'exhaustivité, ni l'actualité des contenus, et décline toute responsabilité quant aux actions entreprises sur la base des informations fournies. Ces contenus ne constituent pas des conseils financiers, juridiques ou professionnels, et ne doivent pas être interprétés comme une recommandation ou une approbation de la part de MEXC.
Partager des idées

Vous aimerez peut-être aussi

DOJ seeks forfeiture of $225m tied to crypto ‘pig butchering’ scams

DOJ seeks forfeiture of $225m tied to crypto ‘pig butchering’ scams

The United States Department of Justice has filed an enforcement action as it moves to seize more than $225 million in cryptocurrency tied to massive pig butchering scams. On June 18, the U.S. Attorney’s Office said it had filed a…
Union
U$0.01114+10.40%
Moonveil
MORE$0.09787-2.61%
PigToken
PIG$0.00000002055+1.53%
Partager
Crypto.news2025/06/19 04:00
Partager
The U.S. House of Representatives intends to merge the CLARITY and GENIUS bills and strive to pass them before August

The U.S. House of Representatives intends to merge the CLARITY and GENIUS bills and strive to pass them before August

PANews reported on June 19 that according to Eleanor Terrett, the U.S. House of Representatives is considering advancing the market structure legislation CLARITY Act and the stablecoin bill GENIUS Act
Union
U$0.01114+10.40%
Housecoin
HOUSE$0.014207+4.19%
Juneo Supernet
JUNE$0.1047-30.47%
Partager
PANews2025/06/19 10:38
Partager
WLFI Token Plunges Amid Blacklist Controversy, $75M Justin Sun Investment at Risk

WLFI Token Plunges Amid Blacklist Controversy, $75M Justin Sun Investment at Risk

The WLFI token from World Liberty Financial faced severe turbulence this week, falling by more than 50% to $0.16 after developers blacklisted billionaire Justin Sun’s wallet, freezing billions of tokens tied to him. The decision, confirmed through blockchain records, has intensified debates about centralization, governance, and the role of major investors in token launches. Why […]
SUN
SUN$0.021147-3.26%
WLFI
WLFI$0.1819-0.43%
Moonveil
MORE$0.09787-2.61%
Partager
Coinstats2025/09/05 12:08
Partager

Actualités tendance

Plus

DOJ seeks forfeiture of $225m tied to crypto ‘pig butchering’ scams

The U.S. House of Representatives intends to merge the CLARITY and GENIUS bills and strive to pass them before August

WLFI Token Plunges Amid Blacklist Controversy, $75M Justin Sun Investment at Risk

Hyperliquid's two whales shorting BTC have accumulated a floating profit of more than $15.34 million

Crucial WLFI Token Distribution Unveiled: Top Holder’s Massive Transfers