Cursor Develops a Secure Product with Endor Labs

First released in 2023, Cursor (owned by Anysphere) is one of the fastest growing products in history, with ARR climbing from $1-100 million in just 12 months. Cursor uses Endor Labs for SCA and dependency management.

Written by
Jenn Gile
Published on
August 20, 2025

The Challenge

Cursor’s application security (AppSec) program aims to make the product as secure as possible. But as every startup team knows, finding product-market fit and shipping fast are uncompromisable priorities. To balance security with developer productivity, Cursor strives to create an environment where engineers have to worry about AppSec as little as possible.

When it came to software composition analysis (SCA), they found that the existing tool was a blocker because it lacked precision and accuracy.

  • Excessive noise: Without reachability analysis, the tool alerted on every possible vulnerability regardless of whether it was exploitable.
  • Risky upgrade advice: The tool always recommended upgrading to the latest version of a package, which increased the probability of introducing breaking changes.

The team faced a no-win choice. Either automatically upgrade everything and deal with potential fallout incidents, or manually research findings to figure out what was impactful. Even though the existing tool was free, in reality it cost a lot of hours to make it effective.

The Solution

The team sought a new SCA tool that automatically triaged findings so that the security engineers (not the developers) could focus on performing impactful package upgrades. Requirements included:

  • Accurate findings: The "holy grail" was the ability to sift through the large list of vulnerabilities generated by dependencies and only identify what’s relevant to Cursor's usage of the library. 
  • Focus on impact: Because the security team wanted to take on the engineering burden of fixing, the solution needed to help clarify the business context of affected functions (such as where they’re running).
  • Low-maintenance: They needed a “set and forget” tool that didn’t require much maintenance after deployment.

Why Endor Labs Won

Cursor chose Endor Labs to be their SCA tool because:

  • Function-level reachability analysis: The data provided by Endor Labs was immediately impressive, cutting the actionable findings down to just a handful.
  • API-first and data-focused: The solution produced the necessary data that could be sent to other systems, and made it easy through their API.
  • Ease of integration: They were impressed with how easy it is to integrate Endor Labs into GitHub, and liked that it ran internally in a system they control (meaning they don’t have to share Cursor's code).

The Impact

Within just a few weeks of onboarding Endor Labs, Cursor already saw significant improvements in their vulnerability management initiatives. 

“Endor Labs jumped in quickly and effectively, solving the problem of SCA for us.”
  • Travis McPeak, Security @ Cursor

97.5% noise reduction

The most quantifiable and immediate outcome is the dramatic reduction in irrelevant findings, achieved through function-level reachability analysis. With only 2.5% of findings identified as reachable (exploitable based on how Cursor uses the dependencies), the team doesn’t waste time on manual research.

“This class of issues [3rd party vulnerabilities] is covered for us. When the number is so small, we can focus on what’s truly impactful.”
  • Travis McPeak, Security @ Cursor

Accelerated remediation

With a manageable number of findings to remediate, the next step is fixing. Cursor’s team exports data from Endor Labs into a homegrown platform where they centralize all vulnerability data and add more business context. With simple AI queries (because it’s Cursor, of course they use AI), the team rapidly determines which vulnerabilities to remediate first. This level of efficiency is possible because they trust Endor Labs has accurately identified dependencies and flagged the right ones as reachable.

“My team is responsible for remediating vulnerabilities. Endor helps us do it quickly so we can deliver the most secure AI product possible.” 
  • Travis McPeak, Security @ Cursor

Stable code, focused engineers

With such a small number of findings, the security team can own the actual task of upgrading dependencies, allowing product engineers to remain focused on building the product. The precision of Endor Labs allows Cursor’s security team to manage the major risk associated with upgrades: system instability. Endor Labs will be part of a de-risking infrastructure so they can be confident upgrades don't introduce breaking changes.

“As much as we’d like to believe that fixing is always safe, we can’t afford to bring instability into the system. Endor Labs helped us build a scalable remediation workflow that reduces risk of breaking changes.”
  • Travis McPeak, Security @ Cursor
