PRODUCT (2026-05-13, TODAY): Cursor shipped 'Development Environments for Cloud Agents' -- configured runtime setups so cloud agents can take engineering tasks start to finish with cloned repos, installed deps, internal-toolchain credentials, and build-system access. Key capabilities: (a) multi-repo environments (one agent works across interdependent codebases), (b) Dockerfile-based config with build secrets and improved layer caching (70% faster builds), (c) Cursor-generated Dockerfiles via agent-led setup (private beta for Enterprise -- agent inspects repo, asks clarifying questions, validates), (d) governance controls: version history with rollback, audit log of all changes, granular permissions (secrets + network egress scoped per environment). Positions Cursor's cloud agents as a viable Devin / Cognition substitute for teams that want the agent inside their existing Cursor seat instead of buying a separate Cognition contract.
2026-05-13•Cursor blog (cursor.com/blog/cloud-agent-development-environments), Cursor changelog 2026-05-13
PRODUCT (2026-05-11): Cursor in Microsoft Teams -- @Cursor mentions inside Teams channels delegate a coding task to the Cursor cloud agent, which auto-selects the relevant repo + model, reads thread context, and opens a PR. First first-party Cursor integration outside the editor itself; positions Cursor against GitHub Copilot's Teams-native presence. Concurrently shipped: Bugbot effort levels (Default / High / Custom tiers for code-review depth -- High pass tradeoffs more deeply, Custom lets you set the budget per repo).
2026-05-11•Cursor changelog (cursor.com/changelog/microsoft-teams), Cursor changelog (cursor.com/changelog)
SECURITY (disclosed 2026-04-27, reported privately 2026-02-01): LayerX Security published 'CursorJacking' -- any Cursor extension can read OpenAI / Anthropic / Google API keys + session tokens directly from the unencrypted SQLite store at ~/Library/Application Support/Cursor/User/globalStorage/state.vscdb. CVSS 8.2 (HIGH). No CVE assigned. Anysphere / Cursor declined to patch, position is that defining the trust boundary on installed extensions is a user responsibility. No vendor remediation expected. Practical mitigation: only install extensions from sources you trust as much as you trust the API keys themselves; rotate API keys periodically; monitor key usage for anomalies. If you've installed any unknown / cracked / from-the-wild extensions, treat your active API keys as potentially compromised and rotate now
2026-04-27•LayerX Security disclosure (layerxsecurity.com/blog/cursorjacking-every-cursor-user-is-vulnerable-to-api-key-theft-by-rogue-extensions), Infosecurity Magazine, The CybrDef
PRODUCT (2026-04-30 + 2026-05-01): Cursor Security Review shipped in beta on Teams + Enterprise plans. Two security agents: Security Reviewer scans every PR for security vulnerabilities, auth regressions, and privacy/data-handling risks; Vulnerability Scanner runs scheduled scans of the codebase for known vulnerabilities and outdated dependencies. MCP-customizable -- plug in your existing SAST / SCA / secrets scanners. Draws from your existing usage pool (no separate billing line). On 2026-05-01 Team Marketplace updates landed: admins can configure plugin distribution as Default Off (users opt in), Default On (auto-installed but opt-out), or Required (cannot be uninstalled), all without needing a repo connection first. Pairs with the SDK + 3.2 multitask shipment to make Cursor a cleaner enterprise-IT proposition
2026-05-01•Cursor changelog (cursor.com/changelog) -- 2026-04-30 + 2026-05-01 entries
OWNERSHIP-CHANGE WATCH (2026-04-21): SpaceX disclosed it has the option to acquire Anysphere (Cursor's parent) for $60B later in 2026, OR pay $10B in lieu for joint compute work via Colossus (~1M H100-equivalent). Cursor cited being 'bottlenecked by compute' as the reason. Closing window pegged to SpaceX's June 2026 IPO. Not a closed deal -- it's an option -- but a meaningful tool-risk signal for buyers planning multi-year Cursor commitments. Earlier in April Cursor was also in talks to raise $2B+ at a $50B valuation; whether the SpaceX option supersedes or coexists with that round is unclear
2026-04-21•CNBC, TechCrunch, Bloomberg, Engadget
Cursor reportedly training its next Composer model (Composer 2.5) on thousands of xAI-supplied GPUs per Business Insider (2026-04-17). First major compute deal between a top AI coding company and xAI's post-SpaceX-acquisition infrastructure. Implication: Composer 2.5 should land in Q2-Q3 2026 with meaningfully better quality than today's Composer 2
2026-04•Business Insider, Seeking Alpha, MSN
Issues here are sourced from our editorial sweeps, not real-time telemetry. Newer issues may exist.