Cursor Security Review Beta: PR Scanning & Vulnerability Detection
Cursor's new Security Review beta adds two always-on agents: Security Reviewer for PR scanning and Vulnerability Scanner for scheduled codebase checks. Both are customizable with MCP server support and available on Teams and Enterprise plans.
TL;DR
- Security Reviewer now scans every PR for vulnerabilities, auth issues, and prompt injection attacks
- Vulnerability Scanner runs scheduled codebase scans for known CVEs and outdated dependencies
- Both agents are customizable with MCP servers, and Slack integration is available
- Beta on Teams and Enterprise plans only
New
- Security Reviewer — Always-on PR agent that leaves inline comments on security issues, auth regressions, privacy risks, and prompt injection attempts with severity levels and fixes
- Vulnerability Scanner — Scheduled codebase scanner for known vulnerabilities, outdated dependencies, and misconfigurations with Slack notifications
- Custom Security Agents — Adjust triggers, add instructions, plug in MCP servers for your existing SAST/SCA/secrets scanners, and control output sharing
Enable Security Review in your Cursor dashboard. Security agents use your existing usage pool. See the full docs for setup details.
Source: Cursor