Skip to content

Instantly share code, notes, and snippets.

@jpsphaxer

jpsphaxer/Cursor_Security.md

Created June 13, 2025 17:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jpsphaxer/04e6b735bd6b3e9333040fdbe44ed4de to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jpsphaxer/04e6b735bd6b3e9333040fdbe44ed4de to your computer and use it in GitHub Desktop.
Download ZIP
Cursor Proposal (Security)
Raw
Cursor_Security.md

🧾 Proposal: Using Cursor AI as a Secure AI-Powered Coding Assistant

πŸ“Œ Summary

We propose adopting Cursor AI as an AI-enhanced coding assistant to support developer productivity in local development environments only. To maximize its utility, we recommend using Privacy Mode with Storage, which enables powerful features (like Background Agent) without training on our code or data.

πŸ” Why Cursor?

Cursor integrates directly with the developer's IDE to enhance:

  • Code understanding
  • Autocompletion
  • Intelligent editing
  • Local codebase search
  • AI pair programming

It routes all prompt requests through the Cursor backend, even when using a personal OpenAI API key. This enables consistent and optimized prompt building.

πŸ›‘οΈ Privacy and Security Considerations

We propose enabling Privacy Mode with Storage, which offers a strong privacy baseline while enabling feature-rich capabilities.

Privacy Setting Code Stored Temporarily Training Usage Access to Full Features
Privacy Mode with Storage βœ… Yes (for features) ❌ Never used for training βœ… Yes

Key Note: Even with storage enabled, Cursor never uses our code for training, nor shares it with third parties.

πŸ” Technical & Data Flow Overview

Proposed Usage Scope:

  • Local development environments only
  • No access to production systems
  • No access to live databases or PHI
  • Used with sample/test data

Code Indexing & Embeddings:

  • Cursor uploads code in small chunks to compute embeddings for search and context.
  • Plaintext code is discarded after processing.
  • Only obfuscated metadata and hashed file references are stored.

Temporary Caching:

  • Files are cached temporarily during processing.
  • Encryption keys are generated per session and expire after the request.

πŸ”„ Data Flow Diagram

flowchart TD
    A["Developer IDE (Cursor)"] --> B["Cursor Backend (Prompt Building)"]
    B --> C["LLM API (e.g. OpenAI/Fireworks)"]
    B --> D[Ephemeral Code Chunking for Indexing]
    D --> E[Embedding Computation]
    E -->|Metadata only| F[(Obfuscated Metadata + Embeddings)]
    
    subgraph Privacy Mode Setting
      G2[Privacy Mode with Storage]
    end

    G2 -->|Temporary storage<br>Strict no-training| F

    style F fill:#fff3cd,stroke:#ffc107,color:#856404
    style G2 fill:#fff3cd,stroke:#ffc107,color:#856404
Loading

βœ… Risk Mitigation Highlights

Concern Cursor (Privacy Mode w/ Storage) Handling
PHI or PII exposure ❌ None – tool will not be used with real or sensitive data
Production system access ❌ None – strictly for local development
Long-term code retention πŸ” Code stored temporarily for feature use, never persisted beyond necessity
Training on internal code ❌ Never trained on or shared with third parties
Data encryption βœ… Encrypted file contents with ephemeral session-based keys

βœ… Next Steps

  • Obtain approval from security and architecture teams
  • Enable Privacy Mode with Storage during onboarding
  • Define usage policy: strictly for dev environments, no PHI/PII, internal code only
  • Monitor usage and reassess privacy settings as needed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment