AI coding tools trained on public codebases tend to default to insecure patterns, and persistent security rules files can enforce safer outputs. Attackers can poison those rules files with invisible Unicode to instruct models to inject backdoors and exfiltrate data, as demonstrated by Pillar Security against Cursor and GitHub Copilot. #RulesFileBackdoor #PillarSecurity
Keypoints
- Public training data drives insecure defaults such as unsanitized inputs, string-concatenated SQL, and weak hashing.
- Specific security constraints in prompts measurably reduce vulnerabilities, while vague persona prompts do not.
- Persistent rules files provide repo-wide guardrails but become an attack surface when committed and forked.
- The Rules File Backdoor hides instructions using invisible Unicode, causing models to inject backdoors or exfiltrate data without visible signs.
- Pillar Securityβs proof-of-concept showed malicious script injection and vendor responses that shifted responsibility to users, enabling wide propagation.
Read More: https://www.toxsec.com/p/prompt-ai-to-write-secure-code