Securing our codebase with autonomous agents

· Source: Cursor Blog · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Intermediate, short

Summary

Cursor has significantly enhanced its codebase security by deploying a fleet of autonomous security agents, increasing PR velocity 5x over nine months while catching over 200 vulnerabilities weekly across 3,000+ internal PRs. This system, built using Cursor Automations, leverages out-of-the-box integrations for webhooks and GitHub PRs, alongside a rich agent harness powered by cloud agents. A custom security MCP (Master Control Program) tool, deployed as a serverless Lambda function, provides persistent data storage for tracking impact, deduplication of LLM-generated findings using Gemini Flash 2.5, and consistent output formatting. Four key automation templates have been released: Agentic Security Review for new code, Vuln Hunter for existing codebases, Anybump for automated dependency patching, and Invariant Sentinel for daily monitoring of security and compliance invariants.

Key takeaway

For MLOps Engineers or Security Engineers managing large, rapidly evolving codebases, adopting agentic security solutions like Cursor Automations can dramatically improve security posture and operational efficiency. You should explore integrating autonomous agents into your CI/CD pipeline to automate PR reviews, dependency patching, and compliance monitoring, freeing up human security teams for more complex tasks and ensuring consistent coverage at scale.

Key insights

Autonomous agents can significantly scale codebase security by automating vulnerability identification and remediation.

Principles

Method

The system uses a security MCP for persistent data, finding deduplication via Gemini Flash 2.5, and consistent output. Agents are deployed as serverless Lambda functions, triggered by webhooks and GitHub PRs, and manage specific security tasks.

In practice

Topics

Code references

Best for: AI Security Engineer, Security Engineer, MLOps Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Cursor Blog.