Cursor Launches Beta Security Review for PRs and Codebases

TL;DR

• Cursor has introduced Security Review in beta, available for all Teams and Enterprise plan users.
• The system features two specialized agents: the Security Reviewer, which audits Pull Requests, and the Vulnerability Scanner, which monitors codebases for outdated dependencies.
• Users can customize workflows by integrating existing SAST, SCA, and secrets scanners via MCP servers.

The landscape of development tooling is evolving rapidly, and Cursor is doubling down on proactive protection. The newly launched Security Review suite brings automated, always-on security oversight directly into the editor workflow. By focusing on both code changes and long-term project health, Cursor aims to bridge the gap between AI-driven development and enterprise-grade security standards. You can find more details in the latest Cursor Changelog.

The Security Reviewer agent is designed to act as an automated gatekeeper for every Pull Request. It scans code for critical issues including authentication regressions, privacy risks, potential prompt injection attacks, and dangerous agent tool auto-approvals. When a risk is identified, the agent leaves detailed inline comments at the exact location of the code, complete with severity levels and suggested remediation steps, significantly reducing the cognitive load on human reviewers.

For broader oversight, the Vulnerability Scanner runs periodic audits across the entire codebase. This tool tracks configuration issues and flags outdated dependencies that could expose the project to known exploits. To ensure teams stay informed, the scanner supports Slack integration, pushing alerts directly to relevant channels whenever a risk is detected. These features are designed to be highly configurable, allowing teams to adjust triggers, define custom instructions, and integrate existing tools via MCP servers.

Admins interested in testing these new capabilities can enable them directly through the Security Review Dashboard. By leveraging existing usage pools, organizations can immediately begin hardening their development lifecycle without friction. For a deep dive into configuration and best practices, check out the Security Review Documentation.

Security Review Documentation. Visit your dashboard today to secure your PRs and codebase with these new AI agents.

Summary

• Security Review is now available in beta for Teams and Enterprise plans.
• Automated agents provide real-time feedback on PRs and scheduled scans for dependency risks.
• Integration support for MCP servers allows teams to bring their own security tooling into the Cursor environment.

Source: Cursor Security Review · Cursor