This 'critical' Cursor security flaw could expose your code to malware - how to fix it
"'This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks,' Oasis wrote. While Cursor and other AI-powered coding tools like Claude Code and Windsurf have become popular among software developers, the technology is still fraught with bugs. Replit, another AI coding assistant that debuted its newest agent earlier this week, recently deleted a user's entire database."
"Basically, this feature is intended to be a verification step for Cursor users so that they only run code that they know and trust. Without it, the platform will automatically run code that's in a repository, leaving the window open for bad actors to surreptitiously slip in malware that could then jeopardize a user's system -- and from there, potentially spread throughout a broader network."
Code repositories that include a .vscode/tasks.json configuration can instruct Cursor to run functions automatically when the repository is opened. Cursor's Workspace Trust verification feature is disabled by default, so repository code can autorun without user confirmation. Malicious actors can embed malware in repositories to leak credentials, modify files, or enable broader system compromise and supply-chain attacks. AI-powered coding tools remain prone to bugs and operational risks, as shown by recent incidents such as Replit deleting a user's entire database. The vulnerability presents significant risk, and it has an easy mitigation: enforcing trust verification.
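A pre-open check for the autorun behaviour described above, as an added example that is not from the article or from Cursor. It assumes the VS Code task schema, where a task opts into running on open with `runOptions.runOn` set to `folderOpen`; the sample file and function names are constructed for illustration.

```python
import json

# Constructed sample: a harmless task that would run as soon as the folder is opened.
SAMPLE = """{
  // tasks.json is JSONC: comments and trailing commas are allowed
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "setup", "type": "shell", "command": "echo 'a // b'",
     "runOptions": {"runOn": "folderOpen"},},
  ],
}"""

def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas; string contents are kept."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":  # copy an escape pair as one unit
                out.append(text[i:i + 2])
                i += 2
                continue
            in_str = c != '"'
        elif c == '"':
            in_str = True
        elif text.startswith("//", i) or text.startswith("/*", i):
            line = text[i + 1] == "/"
            end = text.find("\n" if line else "*/", i + 2)
            i = len(text) if end == -1 else end + (0 if line else 2)
            continue
        elif c in "}]":  # drop a trailing comma before a closing bracket
            j = len(out) - 1
            while j >= 0 and out[j].isspace():
                j -= 1
            if j >= 0 and out[j] == ",":
                del out[j]
        out.append(c)
        i += 1
    return "".join(out)

def autorun_tasks(text):
    """Return (label, command) for every task set to run when the folder is opened."""
    doc = json.loads(strip_jsonc(text))
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    return [(t.get("label", "<unlabelled>"), t.get("command", "")) for t in tasks
            if isinstance(t, dict) and (t.get("runOptions") or {}).get("runOn") == "folderOpen"]

if __name__ == "__main__":
    print(autorun_tasks(SAMPLE))
```

Feed it the contents of a cloned repository's `.vscode/tasks.json` before opening the folder in the editor; any returned entry is a command to read before trusting the repository.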
Read at ZDNET