Safeguard
Tag

cursor

Safeguard articles tagged "cursor" — guides, analysis, and best practices for software supply chain and application security.

9 articles

AI Security

The Cursor extension that cost a developer $500,000

A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.

Jul 16, 20266 min read
AI Security

Concrete guardrails for AI coding assistants

40% of Copilot-generated code contained CWE Top 25 flaws in a 2022 study. Here are the prompt, scanning, and review gates that actually stop AI-written risk.

Jul 9, 20266 min read
Supply Chain Attacks

The Cursor IDE extension that stole $500K: a supply chain post-mortem

A fake 'Solidity Language' extension hit 50,000+ downloads on Open VSX before stealing $500K in crypto. Here's how IDE marketplaces became a trust gap.

Jul 9, 20265 min read
FAQ

AI Coding Assistant Security FAQ: Risks and Controls for 2026

Straight answers on securing AI coding assistants like Claude Code, Cursor, and Cline — the real risks, data-leakage paths, insecure output, and how to add guardrails without slowing developers.

Jul 5, 20266 min read
AI Security

Supply Chain Risks of AI Coding Assistants

Copilot, Cursor, and Claude Code change what enters your codebase and how. A practitioner's map of the real supply chain risks — hallucinated packages, rules-file injection, and unreviewed transitive trust.

Apr 11, 20266 min read
AI Security

Cursor Enterprise Security Buyer Review 2026

An honest security buyer's review of Cursor Enterprise for 2026: data handling, model isolation, audit posture, and the gaps to negotiate before signing.

Mar 12, 20265 min read
AI Security

Griffin AI vs Cursor Tab for Security Review

Cursor Tab is excellent at in-editor autocomplete. For security review, the workflow is different enough that the right answer is to use both.

Feb 20, 20262 min read
AI Security

Cursor IDE Security Model: What Enterprises Need to Know

Cursor's 2026 security model introduces privacy modes, indexing controls, and agent sandboxes. Here is the enterprise-ready view of what works.

Feb 12, 20265 min read
Agent Security

MCPoison (CVE-2025-54136): How Cursor's Trust Model Failed Open

Check Point Research showed Cursor bound trust to MCP entry names, not contents. A swap-after-approval gave attackers persistent RCE on engineers' laptops.

Aug 12, 20256 min read
cursor — Safeguard Blog