By using this site, you agree to the Privacy Policy and Terms of Use.
Accept

BTCRepublic: Timely News & Analysis for Smarter Trading.

  • ABOUT
  • DISCLAIMER
  • CONTACT
New Logo Black BTCRepublic BTCRebpublic-New White Logo
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
    Price PredictionsShow More
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    Solana (SOL) Price Faces Correction, But Bulls Eye $205
    August 4, 2025
    Ethereum Price Prediction 2024, 2025
    Ethereum Price Prediction 2024, 2025: What to Expect for ETH by 2030
    November 12, 2024
    Bitcoin Price Rises To $78k
    Bitcoin Price Rises To $78k After China Announced Stimulus Packages
    September 24, 2024
    Ethereum (ETH) Surged 15%
    Ethereum (ETH) Surged 15% In 7 Days Despite Whale Selloff
    October 29, 2024
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Model
    Worldcoin (WLD) Price Surged 16% As OpenAI Drops New AI Models
    October 29, 2024
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale
Share
  • bitcoinBitcoin(BTC)$125,460.72
  • ethereumEthereum(ETH)$4,703.72
  • rippleXRP(XRP)$3.04
  • binancecoinBNB(BNB)$1,217.74
  • tetherTether(USDT)$1.00
  • solanaSolana(SOL)$236.90
  • usd-coinUSDC(USDC)$1.00
  • staked-etherLido Staked Ether(STETH)$4,697.45
  • dogecoinDogecoin(DOGE)$0.268484
  • cardanoCardano(ADA)$0.88
Font ResizerAa
BTCRepublicBTCRepublic
  • Guides
  • News
  • Reviews
  • Price Predictions
Search
  • Guides
    • Bitcoin
    • Ethereum
    • Altcoins
    • Blockchain
    • DeFi
    • Mining
    • NFTs
    • Wallets
  • News
    • Bitcoin News
    • Ethereum News
    • Altcoins News
    • NFT News
    • Memecoin News
    • Blockchain News
    • Stablecoins News
    • DeFi News
  • Reviews
    • Exchanges
    • Wallets
    • Casinos
    • Services
  • Price Predictions
Follow US
  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
© 2025 All Rights Reserved by BTCRepublic.

Home - AI News - ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

AI NewsNews

‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

AI coding tools can be tricked by fake license files via CopyPasta attack to spread malicious code, security firm HiddenLayer warns.

Oladapo Timothy
Last updated: September 4, 2025 9:58 pm
Oladapo Timothy
Published: September 4, 2025
Share
Disclosure: BTCRepublic provides analysis and forecasts but does not offer investment advice. Our content is for informational purposes only. Please conduct your own thorough research and consult with a financial advisor before making any investment in cryptocurrency.
'CopyPasta' Attack Shows How Prompt Injections Could Infect AI at Scale
Highlights
  • HiddenLayer researchers detailed a new AI “CopyPasta” attack that spreads through coding assistants.
  • The CopyPasta attack uses hidden prompts disguised as license files to replicate across code.
  • A researcher recommends runtime defenses and strict reviews to block prompt injection attacks at scale.

Hackers can now weaponize AI coding assistants using nothing more than a booby-trapped license file via CopyPasta attack, turning developer tools into silent spreaders of malicious code.

That’s according to a new report from cybersecurity firm HiddenLayer, which shows how AI can be tricked into blindly copying malware into projects.

btcrepublic advertise

The proof-of-concept technique—dubbed the “CopyPasta License Attack”—exploits how AI tools handle common developer files like LICENSE.txt and README.md. By embedding hidden instructions, or “prompt injections,” into these documents, attackers can manipulate AI agents into injecting malicious code without the user ever realizing it.

“We’ve recommended having runtime defenses in place against indirect prompt injections, and ensuring that any change committed to a file is thoroughly reviewed,” Kenneth Yeung, a researcher at HiddenLayer and the report’s author, told Decrypt.

CopyPasta is considered a virus rather than a worm, Yeung explained, because it still requires user action to spread. “A user must act in some way for the malicious payload to propagate,” he said.

Despite requiring some user interaction, the virus is designed to slip past human attention by exploiting the way developers rely on AI agents to handle routine documentation.

“CopyPasta hides itself in invisible comments buried in README files, which developers often delegate to AI agents or language models to write,” he said. “That allows it to spread in a stealthy, almost undetectable way.”

btcrepublic advertise 2

CopyPasta isn’t the first attempt at infecting AI systems. In 2024, researchers presented a theoretical attack called Morris II, designed to manipulate AI email agents into spreading spam and stealing data. While the attack had a high theoretical success rate, it failed in practice due to limited agent capabilities, and human review steps have so far prevented such attacks from being seen in the wild.

While the CopyPasta attack is a lab-only proof of concept for now, researchers say it highlights how AI assistants can become unwitting accomplices in attacks.

The core issue, researchers say, is trust. AI agents are programmed to treat license files as important, and they often obey embedded instructions without scrutiny. That opens the door for attackers to exploit weaknesses—especially as these tools gain more autonomy.

CopyPasta follows a string of recent warnings about prompt injection attacks targeting AI tools.

In July, OpenAI CEO Sam Altman warned about prompt injection attacks when the company rolled out its ChatGPT agent, noting that malicious prompts could hijack an agent’s behavior.

This warning was followed in August, when Brave Software demonstrated a prompt injection flaw in Perplexity AI’s browser extension, showing how hidden commands in a Reddit comment could make the assistant leak private data.

UK Football Club Real Bedford Invests Another $4.5M In Bitcoin
JPMorgan And Coinbase Partner To Launch Direct Account Linking
Crypto Firms, Binance And KuCoin, Airdrop Tokens To Support Vietnam Typhoon Yagi Victims
Lamborghini Joins Forces With Animoca Brands To Launch Fast ForWorld Web3 Racing Game
SEC Delays Decision on 21Shares SUI ETF Proposal
TAGGED:AICopyPastaPrompt Injection

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Print
ByOladapo Timothy
Follow:
An expert, trader and writer with extensive experience of digital assets, covering everything related to the burgeoning crypto industry — from price analysis to Blockchain disruption. I have authored more than 2,000 stories for crypto and fintech media outlets. I am particularly interested in regulatory trends around the globe that are shaping the future of digital assets.
Previous Article Cardano (ADA) Gains Momentum as ETF Approval Odds Jump Cardano (ADA) Gains Momentum As ETF Approval Odds Jump
Next Article Here's Why “Bitcoin Could Go Below $100,000” This September Here’s Why “Bitcoin Could Go Below $100,000” This September
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular
The Hottest Picks
News
Crypto Miner TeraWulf Raises $3 Billion To Expand Data Centres
September 29, 2025
Crypto InvestmentNews
BTCRepublic Market Pulse For This Week
September 27, 2025
Memecoin NewsNews
Dogecoin Price Prediction 2025, 2026 – 2030: Will DOGE Reach 1 Dollar?
September 27, 2025
Blockchain NewsNews
Are Layer-3 Networks The Missing Link In Blockchain Infrastructure?
September 26, 2025
- Advertisement -
Ad imageAd image

Follow Us on Socials

BTCRepublic use social media to react to hot news, update supporters and share authentic and factful information

Facebook Twitter Linkedin Telegram Pinterest
Footer Text white background

Subscribe to our newsletter

Stay ahead of the curve with the BTCRepublic newsletter. By subscribing, you will get information about what is happening in the Web3 world straight to your inbox.

More

  • About US
  • Privacy Policy
  • Editorial Policy
  • Terms of Service
  • Disclaimer
  • Contact Us
  • Sitemap
Reading: ‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale
Share
© 2025 All Rights Reserved by BTCRepublic