Cursor turns its internal security agents into reusable templates

Software teams are producing more code than they can realistically review. Security checks, in particular, tend to lag behind, arriving after code has already shipped or relying on tools that struggle to keep up with fast-moving repositories.

Cursor is trying to close that gap by turning its own internal approach to security review into something other teams can reuse. The AI-native code editor, developed by startup Anysphere, has released a set of templates for security agents that run continuously against a codebase, scanning for vulnerabilities and in some cases fixing them automatically.

Travis McPeak, who works on security at Cursor, says these agents are already active inside the company’s own environment, reviewing thousands of pull requests each week and catching issues before they reach production.

“Over the last nine months, our PR velocity has increased 5x,” McPeak wrote in a blog post. “Security tooling based on static analysis or rigid code ownership remains helpful, but is not enough at this scale.”

To address that, the company built a system that lets it deploy multiple agents across its codebase, allowing it to identify and repair vulnerabilities on an ongoing basis.

Creating reusable templates

The release centres on four pre-built agent setups, based on systems Cursor developed for its own security team. The company is publishing the configurations that define how these agents behave—what they monitor, when they trigger, and how they respond.

Teams can use these templates to set up agents that run in the background, watching for events such as pull request updates or changes in the codebase.

Each template includes a predefined prompt that determines how the agent reviews code, including what issues to prioritise and how to report findings.

When triggered, Cursor feeds the pull request diff into this prompt, which the agent uses to analyse code changes, trace potential vulnerabilities, and report only validated findings. In some cases, depending on how the template is configured, the agent can also open pull requests with fixes after running tests.

This template, described as an “agentic security review,” is designed to report issues to a Slack channel before gradually taking on a more active role, including commenting on pull requests and eventually blocking changes that fail security checks.

Other templates are designed to scan existing code for vulnerabilities, or monitor for drift against predefined security rules, running on a schedule and comparing results over time.

It’s worth noting that the templates are built directly on Cursor’s Automations feature, introduced earlier this month, which allows teams to run coding agents automatically in response to events or schedules. With Automations, these agents run in cloud environments, triggered by activity across systems like GitHub or Slack, rather than being limited to an editor session.

Agents as continuous reviewers

At Cursor, these templates are used to deploy agents that take on a more active role in how code is developed, including reviewing code changes, identifying vulnerabilities, and in some cases preventing insecure code from being merged.

They are not limited to assisting developers when prompted; they act as continuous participants in that process.

This impacts how responsibility is distributed within a team. Security checks become a form of continuous oversight, with systems monitoring changes as they happen.

There are limits, however. The system assumes human review before changes reach production, and questions remain about how reliably these agents can identify real issues versus false positives.

Randall Degges, VP of AI engineering and developer relations at Snyk, which sells developer security tools, says applying LLM-based reasoning to large codebases can uncover complex vulnerabilities that traditional tools often miss. But he warns that scanning entire codebases also increases the risk of false positives, as models struggle to maintain accuracy across a broader context.

“The agent cannot mark its own homework,” Degges writes.

He adds that this is especially relevant in this case, where findings produced by an LLM should be verified by a separate, deterministic system before engineers spend time acting on them.

Cursor, for its part, is continuing to expand how these systems are used across its own operations.

McPeak says the company is already extending these automations into other parts of its security operations, including vulnerability reporting, compliance monitoring, and incident response.

“Security is full of opportunities to apply automations, and these four are just the beginning of the work we plan to do,” he said. “In each case, agents give us coverage and consistency at a scale we couldn't achieve manually.”