
Endor Labs + Cursor: Building the security foundation for agentic coding

Endor Labs and Cursor are formalizing a partnership to secure agentic coding workflows for enterprise engineering organizations.

Written by Andrew Davidson
Published on May 28, 2026
Updated on May 28, 2026

Engineering teams using Cursor are shipping meaningfully more code than they were a year ago. And the next wave of semi-autonomous cloud agents is about to compound that gain further.

But more code also means more dependencies and more attack surfaces. The stakes are highest for enterprises in regulated industries — banks, insurers, healthcare providers — where enterprise security controls aren't optional. Unfortunately, legacy security tooling was built for a world in which security acted as a gate, slowing pipelines and introducing delays.

Today, we're formalizing our partnership with Cursor to give enterprises a way to capture the full productivity gains of agentic coding without increasing code security risks or slowing down engineering teams.

Why this partnership matters now

AI coding tools have reset the baseline for engineering productivity. Cursor has been at the forefront of that shift, and from day one, the Cursor team has treated enterprise security as a first-class part of the product. Hooks, agent governance primitives, and a growing partner ecosystem are all part of that investment.

We're proud to be among those partners because we share a design principle: the best security is something developers never have to think about. Cursor's job is to make agentic coding feel effortless. Ours is to make sure the guardrails enforcing your policies are equally invisible.

“Enterprise engineering and security leaders are not asking whether to adopt agentic coding; they are asking how to do it at scale with the trust the business requires,” said Brian McCarthy, President, Global Revenue and Field Operations, Cursor. “We have invested heavily in tools, security controls, and governance, along with partnerships, including with Endor Labs, that let security teams see what every agent is doing, enforce policies across workstations, and ship with confidence. The result is developers moving at full speed with the guardrails enterprises need.”

That bar is highest in regulated industries and large enterprises. Banks, insurers, and other financial services institutions can't trade off velocity for risk. For those teams to adopt agentic coding at scale, every line an AI agent generates needs to be governable, traceable, and defensible. That's the gap Cursor and Endor Labs are closing together.

AURI by Endor Labs is the security harness for agentic coding. It gives security teams visibility into agent activity, enforces policy as code across every workstation, helps agents generate secure code by default, and blocks vulnerable and malicious dependencies before they reach your codebase. For security leaders, that means audit-ready evidence and a story you can defend in front of your CFO, your CEO, and the board, even as your code volume doubles.

A collaboration built over the past year

Cursor selected Endor Labs to secure their own codebase before we started building together. Their security team chose Endor Labs to solve a problem their previous tools couldn't: separating real vulnerabilities from noise.

“Over 97% of vulnerabilities flagged by our previous tool weren't reachable in our application,” said Travis McPeak, Security at Cursor. “AURI by Endor Labs shows the few impactful vulnerabilities, so we can patch quickly, focusing on what matters.”

That customer relationship became the foundation for everything we've built together since. Over the past 12 months, we've worked with Cursor's product and security teams to bring AURI's capabilities into the Cursor experience itself, starting with a free MCP server to check for code security risks, exposed secrets, and vulnerable dependencies.

In December, we announced an integration with Cursor hooks, the foundation for deterministic, policy-driven security inside an agentic coding environment. That release focused on security for open source dependencies. Any package a Cursor agent installed got scanned by Endor Labs for malicious code or vulnerabilities before it landed on a developer's workstation.

Earlier this month, we extended that foundation by adding agent governance as a native capability built on top of Cursor hooks. Today's partnership is the next step: a joint commitment to deliver secure agentic coding workflows as a single, integrated experience for enterprise customers.

How it works

Monitoring and deterministic policy enforcement

Cursor hooks let Endor Labs sit at decision points inside the coding agent: before a tool call executes, a dependency is installed, or code is committed. Hooks are deterministic by design. Unlike approaches that rely on LLM-based guardrails, policy enforcement isn't a probability. If a developer or agent attempts an action that violates a policy, such as pulling in a malicious package, using an unapproved MCP server, or running an unsafe command, Endor Labs blocks it.

Package firewall for AI coding agents and developer workstations

AI coding agents will pull in open-source packages to solve specific problems, often without human review. The Endor Labs Package Firewall intercepts those requests, checking each package against our continuously updated malicious package database. Approved packages pass through, and risky packages get blocked before they ever touch a developer workstation or agent runtime.

Safe patching and fixing as agents and developers work

Endor Labs works directly with the Cursor agent to secure code before it ever reaches a pull request. As the agent writes, Endor Labs checks for security flaws, flags exposed secrets, and surfaces vulnerabilities. It can also work in tandem with the agent to safely patch and upgrade dependencies without breaking your code.

The payoff lands at code review. Most security issues get caught and fixed in the loop, while the developer is still in the editor, rather than after the coding session has ended. This keeps teams shipping with fewer delays and less work, saving engineering teams time and tokens.

What's next

Within the next two to three years, every engineering organization will shift to fully agentic development. The leaders will be the companies that paired that velocity with a security and governance layer built for it from day one. That's the bet we're making with Cursor. 

AURI for Developers is the free way to use Endor Labs with Cursor, and enterprise teams can book a demo to see how Endor Labs and Cursor work together to secure agentic coding.