
Cursor, which was recently acquired by SpaceX for $60 billion in stock, produces one of the most widely used AI-assisted coding tools in the enterprise space. The two flaws were patched in version 3.0 of the Cursor IDE, which was released in April.
Native vulnerability in LLMs
Large Language Models (LLMs) are natively vulnerable to malicious instructions that could be hidden inside the content they process. This is particularly dangerous in the age of agentic AI, where LLMs are combined with a variety of tools, including browsers and APIs that allow them to access a variety of third-party public content, such as parsing web pages in search results and RSS feeds, code in repositories, comments in bug trackers, emails in users’ inboxes, and their documents.
Protecting AI tools from prompt injection is very hard, and usually involves a layered approach, including guardrails built into the model by the AI lab that created it, instructions in system prompts to treat certain content as passive data, supervisor models running on top of the LLMs that process data, traditional keyword filtering, context segmentation, granular access controls, adding humans back into the loop to approve sensitive operations and more.
