Cursor's Agents Get More Autonomy, Less Oversight
Cursor shipped a mobile app, new automations, and an auto-review mode that cuts approval prompts. Here's what that means for your app's security.
Cursor pushed a wave of updates this cycle. None of them are a breach. All of them point the same direction: agents doing more, with fewer humans in the loop. If you shipped an app with Cursor, that's worth five minutes of attention.
TL;DR
- Cursor's new iOS app lets you launch and control always-on cloud agents from your phone (cursor.com/changelog/ios-mobile-app).
- Cursor Automations now trigger from GitHub and Slack, and support "computer use" (cursor.com/changelog/06-18-26).
- A new "Auto-review" run mode lets agents work longer with fewer approval prompts (cursor.com/changelog/auto-review).
- Cursor also launched a Security Review beta — but it's Teams and Enterprise only (cursor.com/changelog/04-30-26).
Your agent now has more standing access
Cloud agents in Cursor need a real development environment to do real work: cloned repos, installed dependencies, credentials for your toolchain, access to your build system. That's the tradeoff behind the new cloud environment setup (cursor.com/changelog/05-13-26).
Now add the iOS app. You can start, monitor, and remote-control those same cloud agents from your phone (cursor.com/changelog/ios-mobile-app). And Automations can now fire from a GitHub event or a Slack message, and use "computer use" to operate a machine directly (cursor.com/changelog/06-18-26).
None of this is bad on its own. But stack it up: an agent with repo access, build credentials, and a live environment, triggerable by a Slack message, controllable from a phone. If any one link in that chain is misconfigured — an overly broad Slack integration, a repo webhook anyone can hit — the agent is the thing that acts on it.
Fewer approval prompts, more trust by default
Cursor's new Auto-review mode is built to let agents "work for longer with fewer approval prompts and safer execution" (cursor.com/changelog/auto-review). The SDK update ships alongside it, adding custom tools and nested subagents for teams building on top of Cursor (cursor.com/changelog/sdk-updates-jun-2026).
The pitch is speed: less babysitting, more throughput. The tradeoff is oversight. Every approval prompt you remove is a checkpoint where a human used to catch a bad diff, a leaked secret, or a change to an auth rule before it shipped. If you turn this on for a solo project, you are the only reviewer left. Read the diffs anyway.
Enterprise customers also got org-level controls — separate security, governance, and budget settings per team (cursor.com/changelog/enterprise-organizations). That's a sign Cursor knows bigger customers need guardrails around this autonomy. Solo builders and small teams on lower tiers don't get that same admin layer.
Cursor built a security reviewer — but you may not have access
The most relevant release for this newsletter: Cursor Security Review, now in beta. It runs two always-on agents — a Security Reviewer and a Vulnerability Scanner — against your code (cursor.com/changelog/04-30-26).
The catch: it's beta, and it's on Teams and Enterprise plans only. If you're a solo founder or on a Pro plan, this isn't in your toolbox yet. That's exactly the gap outside scanning tools exist to fill — someone still has to check your auth rules, your API routes, and your database policies before you ship.
FAQ
What is "computer use" in Cursor Automations?
It's an automation mode where the agent operates a computer directly — clicking, typing, running tasks — rather than just editing code. Combined with GitHub and Slack triggers, it means an automation can start and act without you opening Cursor at all (cursor.com/changelog/06-18-26).
Should I turn on Auto-review for my project?
If you're the only person checking code before it ships, be cautious. Auto-review is designed to reduce approval prompts, which means fewer moments where a human catches a mistake. For solo or small-team apps, keep manual review on for anything touching auth, payments, or your database rules.
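As an added example (not from Cursor or the original article), one way to keep a human checkpoint on the changes named above, a leaked secret or an edit to auth, payments or database rules, is a small gate over the agent's diff. The path patterns, file names and sample diff below are constructed assumptions.

```python
import re

# Assumed path conventions (hypothetical); adapt to your repository layout.
SENSITIVE_PATHS = {
    "auth": re.compile(r"(^|/)(auth|login|session)", re.I),
    "payments": re.compile(r"(^|/)(payments?|billing|checkout)", re.I),
    "database rules": re.compile(r"(^|/)(migrations?|policies|rls)|\.rules$", re.I),
}
# Heuristics applied to added lines only; they flag for review, not prove a bug.
SENSITIVE_LINES = {
    "possible hard-coded secret": re.compile(
        r"(api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"][^'\"]{12,}['\"]", re.I),
    "database policy change": re.compile(
        r"\b(create|alter|drop)\s+policy\b|row\s+level\s+security", re.I),
}

def review_gate(diff_text):
    """Return (file, reason) pairs for changes a human should read before merge."""
    findings, current = [], None
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            # Taking the path from this header also covers deleted files.
            current = line.split(" b/", 1)[-1]
            findings += [(current, f"path touches {label}")
                         for label, rx in SENSITIVE_PATHS.items() if rx.search(current)]
        elif current and line.startswith("+") and not line.startswith("+++"):
            findings += [(current, label)
                         for label, rx in SENSITIVE_LINES.items() if rx.search(line[1:])]
    return findings

# Constructed sample diff (not from any real repository).
SAMPLE_DIFF = '''\
diff --git a/src/api/users.ts b/src/api/users.ts
--- a/src/api/users.ts
+++ b/src/api/users.ts
@@ -3,0 +4 @@
+const SERVICE_API_KEY = "CONSTRUCTED-not-a-real-key-000";
diff --git a/db/migrations/0007_profiles.sql b/db/migrations/0007_profiles.sql
--- a/db/migrations/0007_profiles.sql
+++ b/db/migrations/0007_profiles.sql
@@ -4 +4 @@
-create policy "own rows" on profiles for select using (auth.uid() = id);
+create policy "own rows" on profiles for select using (true);
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,0 +2 @@
+Setup notes.
'''
print(*review_gate(SAMPLE_DIFF), sep="\n")
```

Run it over the output of `git diff` for the agent's branch and require a manual read of every flagged file before merging.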
I'm not on a Teams or Enterprise plan — how do I get a security review?
Cursor's built-in Security Reviewer and Vulnerability Scanner are beta features limited to Teams and Enterprise (cursor.com/changelog/04-30-26). If you're on Free or Pro, you need an external check — manually review your API routes and database rules, or run a scan built for AI-generated apps.
The bottom line
Cursor's agents can now do more, reach further, and ask permission less often. That's good for speed. It raises the cost of a misconfiguration, because there are fewer humans positioned to catch it before it ships. Cursor's own security tooling is a good sign — but it's not available to everyone yet. If you're not on Teams or Enterprise, the review has to come from somewhere else.