Cursor
AI-native code editor produced by Anysphere; one of the dominant coding-agent IDE surfaces in 2025–2026 alongside Claude Code, Gemini CLI, OpenAI Codex, Amazon Kiro, and Google Antigravity. Built on a VS Code fork; surfaces inline AI completions, agent-mode multi-step edits, and external-tool MCP integrations.
In the context of this wiki, Cursor appears across three distinct surfaces:
- As a target. The May 2025 npm supply-chain attack trojanized 3,200+ macOS Cursor installs via three malicious npm packages that overwrote `main.js` and disabled auto-update for persistence — one of four primary-source incidents cited in Andrew Bullen’s “Breaking the Lethal Trifecta” talk at [un]prompted March 2026.
- As a defended runtime. Sondera’s Cedar-policy harness explicitly enumerates Cursor as one of the three coding-agent surfaces it intercepts (alongside Claude Code and Gemini CLI), via the per-agent local adapter pattern.
- As an exploitation case study. Mindgard’s “Vibe Check: Security Failures in AI-Assisted IDEs” talk at [un]prompted March 2026 (Piotr Ryciak) catalogues exploitation patterns across Codex, Kiro, Antigravity, and Cursor.
See also
- Cursor npm Credential Stealer (May 2025) — supply-chain incident
- Hooking Coding Agents with Cedar — runtime policy enforcement covering Cursor
- [un]prompted March 2026 — multiple talks reference Cursor