cursor
Safeguard articles tagged "cursor" — guides, analysis, and best practices for software supply chain and application security.
9 articles
The Cursor extension that cost a developer $500,000
A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.
Concrete guardrails for AI coding assistants
40% of Copilot-generated code contained CWE Top 25 flaws in a 2022 study. Here are the prompt, scanning, and review gates that actually stop AI-written risk.
The Cursor IDE extension that stole $500K: a supply chain post-mortem
A fake 'Solidity Language' extension hit 50,000+ downloads on Open VSX before stealing $500K in crypto. Here's how IDE marketplaces became a trust gap.
AI Coding Assistant Security FAQ: Risks and Controls for 2026
Straight answers on securing AI coding assistants like Claude Code, Cursor, and Cline — the real risks, data-leakage paths, insecure output, and how to add guardrails without slowing developers.
Supply Chain Risks of AI Coding Assistants
Copilot, Cursor, and Claude Code change what enters your codebase and how. A practitioner's map of the real supply chain risks — hallucinated packages, rules-file injection, and unreviewed transitive trust.
Cursor Enterprise Security Buyer Review 2026
An honest security buyer's review of Cursor Enterprise for 2026: data handling, model isolation, audit posture, and the gaps to negotiate before signing.
Griffin AI vs Cursor Tab for Security Review
Cursor Tab is excellent at in-editor autocomplete. For security review, the workflow is different enough that the right answer is to use both.
Cursor IDE Security Model: What Enterprises Need to Know
Cursor's 2026 security model introduces privacy modes, indexing controls, and agent sandboxes. Here is the enterprise-ready view of what works.
MCPoison (CVE-2025-54136): How Cursor's Trust Model Failed Open
Check Point Research showed Cursor bound trust to MCP entry names, not contents. A swap-after-approval gave attackers persistent RCE on engineers' laptops.