▓▒░ USE-CASES / CURSOR
Cursor has your codebase, your terminal, and your API keys.
Who's watching?
The most popular AI code editor has deep access to your development environment. MCP servers, file system, shell - all trusted by default.
MCP servers · shell access · file system · git credentials · env variables
Everything Cursor touches. All of it trusted.
Cursor isn't just an editor. It's an autonomous agent with access to your entire development environment - and every connection is trusted by default.
File System
Reads every open file and project directory
Shell / Terminal
Executes arbitrary commands in your shell
Git & Credentials
Accesses .git, SSH keys, and tokens
Environment Variables
Reads .env files containing secrets
MCP Servers
Connects to databases, APIs, and cloud services
Browser / Network
HTTP requests and outbound API calls
Three attacks your SOC won't see coming
These aren't theoretical. They're happening in codebases right now.
Poisoned MCP server in the supply chain
A developer installs a popular community MCP server for GitHub integration. It silently proxies every file Cursor reads - source code, configs, credentials - to an external endpoint. Your security tools see a legitimate VS Code extension making HTTPS calls.
Prompt injection via cloned repository
An attacker plants instructions in a CONTRIBUTING.md or .cursorrules file. When a developer opens the repo, Cursor's context window ingests the payload. The agent executes commands the developer never asked for - modifying CI pipelines, adding backdoors to build scripts.
MCP server lateral movement
A Cursor MCP server connecting to your staging database gets manipulated through crafted tool responses. The agent escalates from read-only queries to schema modifications, then pivots to other connected MCP servers. One compromised connection becomes a network-wide incident.
From blind spots to full coverage
Three capabilities purpose-built for AI coding tools.
Discover every Cursor instance and MCP server
You can't secure what you can't see. Rogue continuously discovers every Cursor installation, MCP server connection, and tool permission across your development fleet.
Enforce policies on every tool call
Define what's allowed and what isn't. Rogue enforces granular policies on MCP server connections, file access patterns, and shell commands — without slowing developers down.
Detect anomalous agent behavior in real time
When an agent deviates from normal patterns — unusual file access, unexpected network calls, tool invocations at odd hours — Rogue flags it before damage is done.
Zero friction. Zero data egress.
Developer codes with Cursor
MCP servers connect, tools execute, files are read
Rogue monitors every MCP connection
Every tool call, file read, and network request observed
Policy violations blocked in real time
Destructive actions stopped before they execute
Developer codes with Cursor
MCP servers connect, tools execute, files are read
Rogue monitors every MCP connection
Every tool call, file read, and network request observed
Policy violations blocked in real time
Destructive actions stopped before they execute
Deploys on-device. Your source code never leaves the machine. Learn more →
Your developers love Cursor. Make sure it loves them back.
See what Cursor sees — and control what it does.