By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

BTCRepublic: Timely News & Analysis for Smarter Trading.

  • ABOUT
  • DISCLAIMER
  • CONTACT
New Logo Black BTCRepublic BTCRebpublic-New White Logo
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
    Price PredictionsShow More
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    October 14, 2025
    Ethereum Price Prediction 2024, 2025
    Ethereum Price Prediction 2024, 2025: What to Expect for ETH by 2030
    October 18, 2025
    Bitcoin Price Rises To $78k
    Bitcoin Hits $65K as China Unveils Stimulus (September 2024)
    October 16, 2025
    Ethereum (ETH) Surged 15%
    Ethereum (ETH) Surged 15% In 7 Days Despite Whale Selloff
    October 14, 2025
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Model
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Models
    October 14, 2025
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale
Share
  • bitcoinBitcoin(BTC)$113,904.38
  • ethereumEthereum(ETH)$4,090.86
  • tetherTether(USDT)$1.00
  • rippleXRP(XRP)$2.64
  • binancecoinBNB(BNB)$1,130.25
  • solanaSolana(SOL)$199.91
  • usd-coinUSDC(USDC)$1.00
  • staked-etherLido Staked Ether(STETH)$4,090.79
  • dogecoinDogecoin(DOGE)$0.199329
  • tronTRON(TRX)$0.298961
Font ResizerAa
BTCRepublicBTCRepublic
  • Guides
  • News
  • Reviews
  • Price Predictions
Search
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
Follow US
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
© 2025 All Rights Reserved by BTCRepublic.

Home - AI News - ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

AI NewsNews

‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

AI coding tools can be tricked by fake license files via CopyPasta attack to spread malicious code, security firm HiddenLayer warns.

Oladapo Timothy
Last updated: October 14, 2025 8:00 am
Oladapo Timothy
Published: October 14, 2025
Share
'CopyPasta' Attack Shows How Prompt Injections Could Infect AI at Scale
SHARE
Highlights
  • HiddenLayer researchers detailed a new AI “CopyPasta” attack that spreads through coding assistants.
  • The CopyPasta attack uses hidden prompts disguised as license files to replicate across code.
  • A researcher recommends runtime defenses and strict reviews to block prompt injection attacks at scale.

Hackers can now weaponize AI coding assistants using nothing more than a booby-trapped license file via CopyPasta attack, turning developer tools into silent spreaders of malicious code.

That’s according to a new report from cybersecurity firm HiddenLayer, which shows how AI can be tricked into blindly copying malware into projects.

btcrepublic advertise

The proof-of-concept technique—dubbed the “CopyPasta License Attack”—exploits how AI tools handle common developer files like LICENSE.txt and README.md. By embedding hidden instructions, or “prompt injections,” into these documents, attackers can manipulate AI agents into injecting malicious code without the user ever realizing it.

“We’ve recommended having runtime defenses in place against indirect prompt injections, and ensuring that any change committed to a file is thoroughly reviewed,” Kenneth Yeung, a researcher at HiddenLayer and the report’s author, told Decrypt.

CopyPasta is considered a virus rather than a worm, Yeung explained, because it still requires user action to spread. “A user must act in some way for the malicious payload to propagate,” he said.

Despite requiring some user interaction, the virus is designed to slip past human attention by exploiting the way developers rely on AI agents to handle routine documentation.

“CopyPasta hides itself in invisible comments buried in README files, which developers often delegate to AI agents or language models to write,” he said. “That allows it to spread in a stealthy, almost undetectable way.”

btcrepublic advertise 2

CopyPasta isn’t the first attempt at infecting AI systems. In 2024, researchers presented a theoretical attack called Morris II, designed to manipulate AI email agents into spreading spam and stealing data. While the attack had a high theoretical success rate, it failed in practice due to limited agent capabilities, and human review steps have so far prevented such attacks from being seen in the wild.

While the CopyPasta attack is a lab-only proof of concept for now, researchers say it highlights how AI assistants can become unwitting accomplices in attacks.

The core issue, researchers say, is trust. AI agents are programmed to treat license files as important, and they often obey embedded instructions without scrutiny. That opens the door for attackers to exploit weaknesses—especially as these tools gain more autonomy.

CopyPasta follows a string of recent warnings about prompt injection attacks targeting AI tools.

In July, OpenAI CEO Sam Altman warned about prompt injection attacks when the company rolled out its ChatGPT agent, noting that malicious prompts could hijack an agent’s behavior.

This warning was followed in August, when Brave Software demonstrated a prompt injection flaw in Perplexity AI’s browser extension, showing how hidden commands in a Reddit comment could make the assistant leak private data.

OKX Rolls Out USDT Futures for VIRTUAL and SUNDOG
PEPE Price Poised For Gains On Hype Around Ether ETF Approvals 
Crypto Market Rallies As Fear and Greed Index Turns Neutral
NYSE Criticizes SOS For Failing To Adhere To Compliance Rules
Binance Lists Ethena USDe for Spot Trading Pairs
TAGGED:AICopyPastaPrompt Injection

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
Subscription Form
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Print
Avatar for Oladapo Timothy
ByOladapo Timothy
Follow:
An expert, trader and writer with extensive experience of digital assets, covering everything related to the burgeoning crypto industry — from price analysis to Blockchain disruption. I have authored more than 2,000 stories for crypto and fintech media outlets. I am particularly interested in regulatory trends around the globe that are shaping the future of digital assets.
Previous Article Cardano (ADA) Gains Momentum as ETF Approval Odds Jump Cardano (ADA) Gains Momentum As ETF Approval Odds Jump
Next Article Here's Why “Bitcoin Could Go Below $100,000” This September Here’s Why “Bitcoin Could Go Below $100,000” This September
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to Our Newsletter
Subscribe to our newsletter to get our newest articles instantly!
Subscription Form
Binance and Israeli Forces Allegedly Seize Palestine Crypto
Binance and Israeli Forces Allegedly Seize Palestine Crypto
News
Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Model
Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Models
Price Predictions
How To Buy Ripple (XRP) - A Step-by-Step Guide For Beginners
How To Buy Ripple (XRP) 2024 – A Clean Guide For Beginners
Altcoins
Indian High Court Orders Take Down of Mudrex Impersonation Scammers
Indian High Court Orders Take Down of Mudrex Impersonation Scammers
News

Follow Us on Socials

BTCRepublic use social media to react to hot news, update supporters and share authentic and factful information

Facebook Twitter Linkedin Telegram Pinterest
New Logo Black BR


BTCRepublic is the go-to source for comprehensive news coverage on blockchain technology, cryptocurrencies, non-fungible tokens, and Web3 gaming. Our content ranges from market trends to in-depth price analysis, fresh developments, interviews, and beginner guides.

Subscribe to our newsletter

Stay ahead of the curve with the BTCRepublic newsletter. By subscribing, you will get information about what is happening in the Web3 world straight to your inbox.

Subscription Form (#3)

More

  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale
Share
© 2025 All Rights Reserved by BTCRepublic