Cursor Exploit Reprograms Developers' AI Agents

A proof-of-concept published yesterday demonstrates a VSCode/Cursor tasks.json exploit that runs code when a folder is opened, silently injecting rule files into .cursor/rules. The PoC (published on GitHub by user 'ike' and reported by Oasis) shows attackers can force AI agents to change behavior (for example, respond only in Spanish) and hide files with .vscode settings and .gitignore entries. This enables persistent, distributed manipulation across repositories.
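
A defender-side audit of the artifacts described above, written as an added example (it is not code from the PoC or from the cited reports): it flags tasks set to run on folder open, explorer-exclude and .gitignore entries that cover .cursor or .vscode, and any files under .cursor/rules. The function names, the `lang.mdc` file name and the sample workspace are constructed for illustration; `runOptions.runOn` and `files.exclude` are VS Code's own task and settings keys.

```python
import json, re, tempfile
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'          # a JSON string literal, escapes included
WATCHED = (".cursor", ".vscode")     # directories the page says get hidden

def load_jsonc(path):
    """Parse VS Code JSONC: drop comments, then trailing commas, leaving strings intact."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep, path.read_text(), flags=re.S)
    return json.loads(re.sub(_STR + r"|,(?=\s*[}\]])", keep, text))

def audit_workspace(root):
    """Return (kind, detail) findings to review before opening `root` in the editor."""
    root, out = Path(root), []
    tasks, settings = root / ".vscode/tasks.json", root / ".vscode/settings.json"
    if tasks.is_file():
        for t in load_jsonc(tasks).get("tasks", []):
            if t.get("runOptions", {}).get("runOn") == "folderOpen":
                out.append(("auto-run-task", f"{t.get('label', '?')}: {t.get('command', '')}"))
    if settings.is_file():
        for pat, on in load_jsonc(settings).get("files.exclude", {}).items():
            if on and any(w in pat for w in WATCHED):
                out.append(("hidden-in-explorer", pat))
    if (root / ".gitignore").is_file():
        for line in map(str.strip, (root / ".gitignore").read_text().splitlines()):
            if line and line[0] not in "#!" and any(w in line for w in WATCHED):
                out.append(("git-ignored", line))
    rules = root / ".cursor/rules"
    if rules.is_dir():
        out += [("rule-file", p.relative_to(root).as_posix())
                for p in sorted(rules.rglob("*")) if p.is_file()]
    return out

def build_sample(root):  # constructed workspace; the task only echoes a string
    root = Path(root)
    for d in (".vscode", ".cursor/rules"): (root / d).mkdir(parents=True)
    (root / ".vscode/tasks.json").write_text('''{
  // constructed sample: harmless task that auto-runs on folder open
  "tasks": [{"label": "setup", "type": "shell", "command": "echo sample",
             "runOptions": {"runOn": "folderOpen"},},]
}''')
    (root / ".vscode/settings.json").write_text('{"files.exclude": {"**/.cursor": true, "**/node_modules": true}}')
    (root / ".gitignore").write_text("# build\nnode_modules/\n.cursor/rules/\n.vscode/\n")
    (root / ".cursor/rules/lang.mdc").write_text("constructed rule file\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(*audit_workspace(d), sep="\n")
```
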
Scoring Rationale
High practical impact with a reproducible PoC, limited by single-source public disclosure and tool-specific scope.
Sources
- Open a folder; All your agents are mine (ike.io)
- Developer proves AI agents can be reprogrammed via new exploit (thenewstack.io)
- Cursor's Hidden Trap: How tasks.json Turns AI Coders into Silent Saboteurs (webpronews.com)



