Cursor Security Review adds always-on agents for teams

Cursor has just rolled out Cursor Security Review, bringing always-on code review and scheduled scanning to Teams and Enterprise. It includes a PR-focused Security Reviewer and a Vulnerability Scanner that can post findings to Slack, with customizable triggers and tooling.

CursorSecurityReview
cursor cover

TL;DR

  • Cursor Security Review: Available now for Teams and Enterprise; includes two always-on agents for review and scanning
  • Security Reviewer: Checks every PR for vulnerabilities and leaves comments
  • Vulnerability Scanner: Runs scheduled codebase scans; posts findings in Slack
  • Customization: Adjustable triggers, custom instructions, attach tooling, and control how results are shared
  • Platform updates: Runtime, harness, and models still being improved for stronger out-of-the-box behavior
  • Feedback: Mixed reactions on alert fatigue, false positives, privacy; comparisons to Anthropic’s security-review efforts

Cursor’s announcement on X states that Cursor Security Review is now available for Teams and Enterprise plans, with two always-on agents aimed at code review and scanning.

According to Cursor, the first agent, called Security Reviewer, checks every PR for vulnerabilities and leaves comments. The second, Vulnerability Scanner, runs scheduled scans of a codebase and posts findings in Slack.

The company also mentions that the agents can be customized to fit a team’s requirements. Cursor says teams can adjust triggers, add their own instructions, attach custom tooling, and decide how results are shared.

In a follow-up post, Cursor stated that it is still improving the runtime, harness, and models behind Security Review to provide a stronger out-of-the-box experience. It also noted that the security agents draw from an existing usage pool.

Reactions on X were mixed. Some commenters welcomed the idea of an always-on security auditor inside the development flow, while others raised questions about alert fatigue, false positives, privacy, and whether the feature will reach other plans. A few users also compared the launch with Anthropic’s recent security-review push, suggesting the category is moving quickly.

Source: Cursor on X

Continue the conversation on Slack

Did this article spark your interest? Join our community of experts and enthusiasts to dive deeper, ask questions, and share your ideas.

Join our community

Related Articles

cursor cover

Cursor Bugbot hits nearly 80% AI review resolution rate

Cursor has just rolled out learned rules for Bugbot, turning real PR feedback into continuously updated review behavior. The company says Bugbot’s suggestions are now addressed nearly 80% of the time before merge, up from 52% at launch.

2 shared tags
OpenAI begins rolling out GPT-5.5-Cyber to key defenders

OpenAI begins rolling out GPT-5.5-Cyber to key defenders

OpenAI has just rolled out GPT-5.5-Cyber, bringing a new “frontier cybersecurity model” to critical cyber defenders. Early reactions focus on trusted access, benchmarks, and whether controls can prevent misuse by attackers.

1 shared tag
claude cover

Claude Security enters public beta for Enterprise code scanning

Claude has just rolled out Claude Security in public beta for Enterprise customers, promising vulnerability scans with validated findings and patch suggestions—no API integration required. New additions include scheduled scans, exports, webhooks, and scan-to-scan dismissals.

1 shared tag