05-01-26
CursorSummary
Cursor Security Review is now available in beta for Teams and Enterprise users, introducing automated security checks via the Security Reviewer and scheduled Vulnerability Scanner agents. Users can now customize these security agents by integrating their existing scanning tools and adjusting operational triggers.
New Features
- Introduced Cursor Security Review beta on Teams and Enterprise plans, featuring two always-on security agents: Security Reviewer and Vulnerability Scanner.
- Enabled Security Reviewer to check every Pull Request for security vulnerabilities, authentication regressions, privacy/data-handling risks, agent tool auto-approvals, and prompt injection attacks, leaving inline comments with severity and remediation.
- Enabled Vulnerability Scanner to run scheduled scans of the codebase for known vulnerabilities, outdated dependencies, and configuration issues, with optional Slack notifications for findings.
- Added capability to customize Cursor-managed security agents by adjusting triggers, adding custom instructions, providing custom tooling, and configuring output sharing, including plugging in existing SAST, SCA, and secrets scanners.
Improvements
- Continuously improving the runtime, harness, and models powering Cursor Security Review for a strong out-of-the-box experience.