Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.

July 15, 2026

A popular artificial intelligence (AI) coding tool can be exploited in just two clicks, allowing attackers to install permission-rich model context protocol (MCP) servers on privileged developers' machines.

Much has been made of the cybersecurity risks in coding with AI. This week, researchers have been highlighting a higher-order issue: vulnerabilities in AI coding environments themselves. In particular, they've been picking apart the fastest-growing AI code editor, "Cursor AI." Any issue with Cursor has major potential since, according to its website, the program is used by more than 50,000 enterprises, including 64% of the Fortune 500. Its valuation exploded earlier this year, thanks to good revenue numbers and an acquisition by SpaceX.

On July 14, Mindgard revealed that Cursor AI can be exploited rather simply, by concealing malware in a fake Git file. One day later, researchers at Adversa AI unearthed two more vulnerabilities in the same platform. In a report shared exclusively with Dark Reading, they described a combination of two old-fashioned vulnerabilities that combine to let an attacker install malware on a victim developer's machine, in the form of a malicious MCP server.