New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents
Executive Summary
Pillar Security researchers have uncovered a dangerous new supply chain attack vector we've named "Rules File Backdoor." This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent configuration files used by Cursor and GitHub Copilot—the world's leading AI-powered code editors. By exploiting hidden Unicode characters and sophisticated evasion techniques in the model-facing instruction payload, threa...
Read more at pillar.security
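
The summary names hidden Unicode characters in rule files as the carrier. As an added example (not code from Pillar Security or the original page), the following flags every invisible format character (Unicode general category Cf) in a rules file's text and decodes any run of Unicode tag characters. The sample text and function names are constructed for illustration, and the choice of Cf as the detection criterion is an assumption, since the page does not list which characters the technique uses.

```python
import unicodedata

# Constructed sample rule-file text (not from the original report): benign-looking
# rules carrying a zero-width joiner, a bidi override and a run of tag characters.
HIDDEN_NOTE = "".join(chr(0xE0000 + ord(c)) for c in "hidden note")
SAMPLE_RULES = (
    "# Project coding rules\n"
    "Always follow HTML5 best practices.\u200d" + HIDDEN_NOTE + "\n"
    "Prefer \u202edescriptive\u202c variable names.\n"
    "Use four-space indentation.\n"
)


def scan_rules_text(text):
    """Return one finding per invisible format character (Unicode category Cf)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if unicodedata.category(ch) == "Cf":
                findings.append({
                    "line": lineno,
                    "col": col,
                    "codepoint": f"U+{ord(ch):04X}",
                    "name": unicodedata.name(ch, "UNNAMED FORMAT CHARACTER"),
                })
    return findings


def decode_tag_run(text):
    """Reveal ASCII text carried as Unicode tag characters (U+E0020..U+E007E)."""
    return "".join(
        chr(ord(ch) - 0xE0000) for ch in text if 0xE0020 <= ord(ch) <= 0xE007E
    )


def strip_format_chars(text):
    """Return the text with every Cf character removed, for a visible-only diff."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


if __name__ == "__main__":
    for f in scan_rules_text(SAMPLE_RULES):
        print(f"{f['line']}:{f['col']} {f['codepoint']} {f['name']}")
    print("decoded tag run:", repr(decode_tag_run(SAMPLE_RULES)))
```

A check like this fits a pre-commit hook or CI step over rule files; a file that legitimately needs a Cf character (a soft hyphen, for example) will also be flagged and needs review.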