Cursor and the Attack Surface You Agreed To

Two independent security disclosures landed within hours of each other about Cursor IDE: Mindgard's finding that Cursor auto-executes any git.exe in a repo root (still unpatched after 7 months) and Cato Networks' DuneSlide research showing that prompt injection via MCP or web search can escape the agent sandbox and achieve full OS-level RCE. Together they define a new class of attack surface that appears whenever an AI agent runs with your privileges.

Read more →