AI code editors like Cursor are changing how developers write and interact with code. But as these tools speed up development, they also shift when and how security should be applied. The Endor Labs Cursor integration is now available, bringing code, dependency, and secrets scanning directly into the AI coding workflow.

Why Cursor?

Cursor is built from the ground up to work with AI coding agents. That means tight integration between code editing and chat—backed by fine-tuned models from OpenAI, Anthropic, and others. It’s gaining wide adoption among developers and is already influencing how teams think about pairing with AI agents for faster software development.

What the integration delivers

Once installed, the integration runs lightweight scans using the Endor Labs application security platform as code is written—whether by the developer or the agent. It includes default rules that guide agents to check their output for security vulnerabilities.

For example, if an agent adds a new package to requirements.txt, it will automatically trigger an SCA scan. If a known vulnerability is found, the agent will attempt to upgrade the dependency using Endor Labs’ remediation guidance.

Developers can also prompt the agent directly—asking it to scan code for vulnerabilities within the chat interface. The integration supports:

• Scanning source code for flaws or weaknesses (SAST)
• Detecting secrets exposed in code
• Checking OSS dependencies for vulnerabilities (SCA)

All results are displayed locally in the chat window. In full agent mode, the LLM can automatically remediate issues by modifying code or upgrading dependencies.

Better feedback, earlier than ever

AI tools like Cursor can speed up development, but they can just as easily introduce risks that traditional workflows catch too late. This integration brings key security feedback into the AI development experience itself, so developers and agents can catch and fix issues as they code.

• Provides guardrails for agents before code review – guides the agent to check its own output in real time, reducing the number of issues that reach pull requests.
• Supports AI-driven fixes within the IDE – gives the agent the context to refactor insecure code, redact secrets, or upgrade dependencies automatically.
• Integrates security without friction – adds scanning directly into the AI development flow without requiring IDE plugins or switching to external dashboards.

This makes it easier to write secure code in the same place it’s written without context switching or interruptions. Developers get early feedback with minimal friction, and security teams gain confidence that risky code isn’t slipping through the cracks during rapid iteration.

‍

See how it works here:

Get started

The Cursor integration is now available in open preview  for all Endor Labs customers. Contact us today for a demo, or head to the docs to get started.

Additional Resources

• Introducing the Endor Labs MCP Server: Fix-first Security for AI Agents
• Endor Labs MCP Server Documentation
• What is MCP? (Cursor Docs)