Comment by tomrod
1 year ago
Supply chain attacks, I'd reckon.
Get malicious code stuffed into Cursor (or similar)-built applications -- doesn't even have to fail static scanning, just got to open the door.
Sort of like the xz debacle.
1 year ago
Supply chain attacks, I'd reckon.
Get malicious code stuffed into Cursor (or similar)-built applications -- doesn't even have to fail static scanning, just got to open the door.
Sort of like the xz debacle.
It's even better if you have anything automated executing your tests and whatnot (like popular VSCode plugins showing a nice graphical view of which errors arise from where through your local repo). You could own a developer's machine before they had the time to vet the offending code.
Yeah esp Cursor YOLO mode (auto write code and run commands) is getting very popular
https://forum.cursor.com/t/yolo-mode-is-amazing/36262
What's that game when you take damage it rm - f random files in your filesystem?
4 replies →
Yeah that would be the most obvious "real" exploit (on the code generation side)