Comment by tomrod

1 year ago

Supply chain attacks, I'd reckon.

Get malicious code stuffed into Cursor (or similar)-built applications -- doesn't even have to fail static scanning, just got to open the door.

Sort of like the xz debacle.

It's even better if you have anything automated executing your tests and whatnot (like popular VSCode plugins showing a nice graphical view of which errors arise from where through your local repo). You could own a developer's machine before they had the time to vet the offending code.

Yeah that would be the most obvious "real" exploit (on the code generation side)