Cursor ships features fast. The same pattern that makes that possible — confident code, idiomatic-looking output, fast iteration — is what hides the risk we read for. We audit Cursor codebases line by line, name what's broken, and tell you what to fix first.
Next.js, Python and full-stack apps with Tailwind, shipped at high velocity by individual developers.
The repository contains a .env file with database URLs, API keys or third-party secrets that resolve to live, billable services. Even if the repo is private today, anyone who later forks it, clones it for onboarding or browses old commits gets a working set of keys.
A query reads by id but never checks that the id belongs to the authenticated user — typically `SELECT * FROM invoices WHERE id = ?` instead of `... WHERE id = ? AND user_id = ?`. Two seeded test accounts can read each other's records by changing a number in the URL.
Endpoints that mutate data — create, update, delete — accept requests without ever checking for a session, JWT or API token. The UI hides the buttons behind a login screen, so the developer assumes the API is protected. It isn't: anyone with curl and the URL can call it.
The AI suggested an import for a package that either doesn't exist on npm or matches a malicious typosquat of a real one (`reqeusts`, `loadash`, `node-fetchh`). When `npm install` succeeded, it pulled either nothing useful or someone's installed-package backdoor — and now lives in the lockfile.
The backend reads the user id from the JWT payload but never verifies the signature against the public key. Forging an admin token is a one-line script — the system trusts whatever the client claims to be.
Knowing the tool that built the code lets us focus the audit. We start by detecting the Cursor signature in the codebase, then we read the surfaces where Cursor-specific failure modes cluster: auth, secrets, data access, dependencies and LLM-touching paths. Five to ten business days from kickoff to written report. No deployment access required — read-only repository access is enough.
Severity-ordered findings with file paths, line references, why it matters and a fix sketch. Readable by both engineering and non-technical stakeholders.
15-minute recording of the report — for the cofounder, investor or director who didn't make the live call.
Live discussion of severity, fix order and the calls that need a human in the loop.
Slack or email for clarifications, fix reviews and a second pair of eyes on the patches.
Typical SMB AI-built codebase, kickoff to written report. Larger or multi-repo audits scoped separately.
Often yes — Cursor leaves stylistic fingerprints in commit shape, completion patterns and the kind of suggestions developers tend to accept. We confirm by reading the code, not by asking your team.
It expands it. Agent-mode changes touch multiple files in one go, so we pay extra attention to lockfile churn, .env hygiene and the diffs that crossed boundaries (auth + UI + database) in a single commit.
Yes. If your Cursor setup uses MCP servers that read your codebase or external systems, we audit what those servers can see and whether their access is scoped tighter than the developer's full repo access.
Terminal-driven, multi-file changes across a codebase — often touching infra, tests and product code in a single agent loop.
Read more →Inline completions across enterprise codebases, mixed with hand-written code from many authors over years.
Read more →Next.js apps deployed on Vercel with Supabase as the default database, often shipped before any backend review.
Read more →We design for privacy from the start, human control, traceability, usage limits, permissioning and documentation. For sensitive processes, we help assess risk and applicable obligations under GDPR and the EU AI Act.
Every engagement is led personally by one of the partners. If there's a fit, you get a personal first read of your case within one business day — not a canned demo.
