
Latest news with #CursorAI

A Cat And Mouse Game: Addressing Vibe Coding's Security Challenges

Forbes

4 days ago


Shahar Man is co-founder and CEO of Backslash Security.

Love it or hate it, AI is writing a lot of our code. In our previous article about AI-generated code's security pitfalls, we noted Anthropic CEO Dario Amodei's prediction that 'AI will write 90% of the code for software engineers within the next three to six months,' an assertion that seems to be bearing out, even within the tech giants.

Within the broader AI-code umbrella, vibe coding is becoming dominant. For the uninitiated: Many of us have used a tool like GitHub Copilot, which plugs into your integrated development environment (IDE). As you're writing code, it generates full blocks based on what you type. That capability has been around for a couple of years.

Vibe coding is even cooler. You can use a chat-based interface to ask for parts of the code you want built, or even a full application. For instance, you can use Lovable, a 'vibe coding' SaaS interface, and type in: 'Build an app called "Unscramble" that helps people organize their thoughts before writing an article.' You can describe whatever you want and the interface will generate the app for you.

Lovable exists at one end of development, where you can build a full application from scratch. On the other end, you have something like Copilot, which just supports coding. There's also a middle ground, where things get interesting: Tools like Cursor AI, a $20 plugin for your IDE that gives you a chat interface, are experiencing widespread adoption. You can ask Cursor things like 'implement this function' or 'get this package,' and it does it. It sits in the space between full-on app building and simple code suggestions.

Programs like Cursor are everywhere right now. And that's raising red flags for many enterprise security teams. As recently as a few months ago, tech organizations were saying, 'We're not using these AI coding programs here.'
This has proven an unrealistic stance to maintain; vibe coding is catching on like wildfire across the industry. Still, many organizational leaders will swear up and down that they 'don't allow' Cursor AI in their company—but frankly, they wouldn't know if a developer had paid the $20 for the plugin unless they've been monitoring closely. Most often, no one would even know it's being used; most security teams have no visibility whatsoever into their developers' IDEs. This is a reality that organizations need to be aware of.

If you're an organizational leader reading this, your first thought may be, 'Oh no, I need to figure out who is using Cursor AI.' (Interestingly, one of the key features of newer AI security platforms is the ability to give you visibility across the organization: who's using these tools, to what extent and whether they're following the right security practices.) But instead of going on a crusade of trying to catch AI-assisted coders red-handed, it's more productive to assume these tools are being used and work within that framework to secure your organization.

The development environment—whether it's Visual Studio Code, IntelliJ or whatever you're using—is more than just a place to write code. It's becoming an entire ecosystem for developers to plug into additional tools and functionalities powered by AI. Even if your developers don't use one of the newfangled 'vibe coding' tools, they might be using other forms of AI assistance.

Enter Model Context Protocol servers (MCPs). In a nutshell, MCPs are a way to extend large language models (LLMs) with specific domain knowledge or capabilities. For example, if ChatGPT doesn't know something about the popular project management tool Jira, it might use a 'Jira MCP' to open a ticket in your system. There are now tens of thousands of these MCPs; developers are adding them directly into their IDEs.
Many have few to no security standards, many are unofficial extensions to official products—and some, no doubt, might be malicious. This introduces a whole new layer of exposure. The IDE is no longer just a code editor—it's a threat vector. In theory, someone could easily build a Jira MCP that opens tickets and silently extracts passwords or sends data elsewhere. It might look innocent, but it's not.

This raises a huge question for organizations: How do we whitelist the right MCPs and block the ones that could pose a risk?

The first step, as with any security protocol, is awareness. Don't dismiss vibe coding, or its constituent threats, as a series of passing trends. It's here to stay, and the productivity boost it offers is massive. So, instead of trying to block it, figure out how to embrace it safely.

Beyond that awareness, security typically progresses in five stages:

1. Visibility: Understand what's going on. Who's using MCPs? Which ones? How often?
2. Governance: Create policies and rules. Which MCPs and models are approved? Which aren't? How can they be prompted to create secure code?
3. Automation: Automate those policies so they're seamlessly applied. Developers won't have to ask; the environment just 'knows' what's allowed and acts accordingly.
4. Guidance/Enablement: In the past, security teams might have injected alerts or recommendations into the IDE (like warnings about known vulnerabilities), but they still had no idea what was happening inside that environment. With tools like MCPs extending what IDEs can do, security teams can manage them more actively and vigilantly.
5. Enforcement: Once you have that governance in place—understanding what's being used, what's allowed and what's recommended—you can move toward actually enforcing your policies organization-wide.

We try to look at the security situation optimistically as well as pragmatically: Given the pace of AI and vibe coding advancement, we have an opportunity to get security in place in parallel with the trend itself. Since the code is born in AI, we should fix it with AI as it's born, securing it in real time. That's the real opportunity for the industry today. We refer to this as 'vibe securing,' and it has three pillars:

• The first is visibility—understanding what IDEs are being used and where, which MCPs are in use, whether they are safe and which LLMs are employed. It's about controlling the IDE environments.
• The second—and most important—is securing the code generated through vibe coding. When developers use these tools "naively," recent research shows that 9 out of 10 times, the code contains vulnerabilities. It's critical to clean up those issues before the application is generated, and there are ways to do this automatically without waiting for LLMs to 'learn' security.
• The third is to empower more security-aware developers (or those whose organizations push them to do the right things) by giving them contextual, real-time advice that preempts any mistakes they might end up making.

Is this approach sustainable long-term? Currently, we're at a T-junction. Some would argue that as vibe coding evolves, the security around it will evolve as well. Over time, the models might become more secure and the generated code could be safer—maybe even to the point where you don't need security vendors to fix it post-generation.

However, that ideal scenario never really materializes. Take open source, for example: Even in well-maintained projects where people do care about security, the outcome isn't always secure. Vulnerabilities can arise. More importantly, no one can afford to wait for this ideal scenario—once again, the software development horses are leaving the stable well before security can close the stable doors.
Some might say, 'Won't developers use AI to generate code, and then security teams will just use their own AI to secure it?' That's a bit of a joke. First, it's extremely wasteful—you're spinning up multiple AI engines just to cancel each other out. Second, there's no guarantee it'll work. It's always better to secure from the start, to preempt rather than react and not to rely on some imaginary AI army to clean up afterward. AI security is a cat-and-mouse game; the key is which one your organization wants to be.

Say Goodbye to Manual Code Testing In Cursor with Operative.sh

Geeky Gadgets

28-05-2025


What if the most time-consuming, error-prone aspect of web development could be transformed into a seamless, automated process? For years, developers have wrestled with the challenges of testing—debugging intricate edge cases, validating functionality across countless scenarios, and ensuring flawless performance under pressure. These tasks, while critical, often drain resources and slow down innovation. But now, a breakthrough has emerged. By combining the power of Cursor AI with tools like Operative.sh, the toughest bottlenecks in web application testing are being shattered. With AI-driven automation, developers are no longer bound by the manual grind, unlocking a new era of efficiency and precision.

AI Labs explores how Cursor and Operative.sh are transforming the testing landscape. From automating repetitive tasks to generating test cases with natural language instructions, these tools are designed to tackle even the most complex scenarios with ease. You'll discover how features like the Web Eval Agent and browser state management streamline workflows, reduce human error, and empower developers to focus on innovation rather than troubleshooting. Whether you're navigating intricate edge cases or optimizing performance, this exploration will reveal how AI is reshaping the future of software testing—one automated process at a time.

How Cursor and Operative.sh Streamline Testing

The integration of Cursor with Operative.sh provides a seamless and efficient way to automate web application testing. This combination enables developers to handle everything from basic login processes to complex edge case scenarios using natural language instructions. By automating the generation and execution of test cases, the need for extensive manual scripting is eliminated. This not only saves time but also reduces the risk of human error, resulting in a more reliable and comprehensive testing process.
Even intricate applications benefit from this streamlined approach, ensuring robust performance across various scenarios.

Core Features That Enhance Testing

Operative.sh is equipped with a range of features designed to optimize the testing experience. These features automate repetitive tasks and improve overall efficiency, allowing developers to focus on more strategic aspects of their projects. Key components include:

• Web Eval Agent: This feature automates browser-based tasks using Playwright, a powerful browser automation framework that ensures consistent and accurate test execution.
• Setup Browser State: By saving browser sessions, this feature eliminates the need for repetitive logins, significantly streamlining the testing process and reducing setup time.

These tools work in tandem to simplify the testing workflow, allowing developers to concentrate on higher-level tasks while the intricacies of testing are managed automatically.

Getting Started: Installation and Setup

Setting up Operative.sh is designed to be straightforward, ensuring accessibility for developers of all experience levels. The tool can be installed manually or through an automated process via GitHub. To activate the system, an API key is required, ensuring secure and controlled access to its features. Once integrated with Cursor, Operative.sh operates seamlessly within your development environment. This integration allows you to initiate and manage tests effortlessly, making it a practical addition to any development workflow.

How the Testing Workflow Operates

The testing workflow offered by Operative.sh is both intuitive and efficient, catering to a wide range of development needs.
Tests can be executed in either headless or visible browser modes, depending on user preferences. Results are presented in a comprehensive dashboard that provides detailed insights, including:

• Logs of executed tests for easy tracking and analysis
• Network requests to monitor application performance
• Error reports to identify and address issues promptly

In addition to these features, the tool automatically generates and tests edge cases, ensuring that your application performs reliably under various conditions. This level of automation reduces the need for manual oversight, allowing developers to identify and resolve potential issues early in the development cycle.

Performance Insights and Limitations

While Operative.sh offers numerous advantages, it is important to acknowledge its limitations. For highly complex scenarios, the testing process may take longer compared to manual scripting. Additionally, certain tests may require manual configuration or the use of supplementary tools to achieve optimal results. Despite these challenges, the tool's ability to automate repetitive tasks and handle edge cases makes it a valuable asset for developers seeking to enhance efficiency and accuracy in their workflows.

Why Development Teams Benefit

Integrating Operative.sh into your development workflow can significantly improve how your team approaches web application testing. By automating repetitive tasks and identifying issues early, the tool minimizes the likelihood of bugs as your application scales. This allows your team to dedicate more time to innovation and feature development, ultimately enhancing productivity and software quality. The streamlined testing process also ensures that applications are thoroughly validated, reducing the risk of errors in production environments.

Looking Ahead: The Future of AI-Driven Testing

The evolution of AI-driven tools like Operative.sh is set to transform the field of software testing further.
As these tools continue to advance, they are likely to become comprehensive systems for managing and tracking test cases. This progression could make the testing process even more efficient and accessible for development teams, regardless of project complexity. By automating more aspects of testing and integrating seamlessly with other development tools, AI-driven solutions have the potential to redefine how software testing is conducted, paving the way for greater innovation and reliability in the software industry.

Media Credit: AI LABS

Vibe Scraping : Using Cursor's New AI MCP Integrations for Web Development

Geeky Gadgets

19-05-2025


What if you could extract the essence of a website—the tone, style, and even its emotional resonance—just as easily as copying text? With the advent of Cursor AI's new Model Control Plugins (MCPs), this once-futuristic concept is now a reality. Dubbed 'vibe scraping,' this innovative capability allows developers to go beyond traditional data scraping, capturing not just content but the intangible elements that make a digital experience unique. Imagine building a landing page that doesn't just replicate information but mirrors the energy of a brand, or designing a CMS populated with content that feels alive and on-trend. Cursor AI isn't just automating tasks; it's transforming how we think about creativity and functionality in web development.

Rob Shocks provides more insights into the fantastic power of Cursor AI and its MCP ecosystem, exploring how tools like the Bright Data MCP and Max Mode are reshaping workflows for developers and designers alike. From automating content scraping to integrating serverless databases and pre-designed components, these plugins promise to streamline even the most complex projects. But the real intrigue lies in the advanced features—like background agents and multi-codebase management—that push the boundaries of what's possible. Could this be the dawn of a new era where technology doesn't just assist but inspires? Let's explore how Cursor AI is redefining the art of digital creation.

Streamlining Data Collection with Automated Content Scraping

One of the most impactful features of Cursor AI is its ability to automate content scraping, particularly through plugins like the Bright Data MCP. This tool enables you to crawl websites, extract relevant data, and convert it into usable formats such as markdown for seamless integration into your projects.
For example, you can gather content from blogs, social media platforms, or e-commerce sites, significantly reducing the time and effort required for manual data collection. This capability is especially valuable for tasks like creating landing pages or populating a CMS with minimal effort. By automating data collection, you can ensure your projects are built on accurate, up-to-date information.

Enhancing Development Efficiency with MCPs

Model Control Plugins are designed to optimize every stage of the development process, offering tools that address both technical and creative needs. Here's how some of the key MCPs contribute to a more efficient workflow:

• Bright Data MCP: Automates web crawling and data scraping, ensuring access to fresh, relevant content for your projects.
• Pixels MCP: Provides a library of high-quality images, enhancing the visual appeal of your designs.
• 21st Dev MCP: Offers pre-designed components, simplifying the design process and saving valuable time.
• Neon DB and Supabase: Deliver robust, serverless database solutions, streamlining backend development.

These tools not only simplify technical tasks but also ensure your projects are visually engaging and functionally robust. By integrating these plugins into your workflow, you can focus on innovation and creativity while maintaining high standards of quality.

Advanced Features for Comprehensive Development

Cursor AI goes beyond basic automation by offering advanced features tailored for complex development projects.
For instance, background agents enable you to multitask effectively by running multiple processes in parallel. This allows you to manage several codebases within a single workspace, ensuring seamless integration between frontend and backend components. Additionally, the 'Max Mode' feature unlocks extended model capabilities, making it easier to handle large-scale projects with intricate requirements. These advanced functionalities provide the flexibility needed to tackle diverse challenges, whether you're working on small-scale websites or enterprise-level applications.

Practical Applications of Cursor AI and MCPs

The versatility of Cursor AI and its MCPs makes them suitable for a wide range of real-world applications. Here are some examples of how these tools can be used effectively:

• Quickly create landing pages or blogs by integrating scraped content, saving time on manual data entry.
• Develop custom CMS solutions or integrate them with platforms like WordPress or Strapi for enhanced functionality.
• Optimize website designs for high conversion rates, ensuring a balance between aesthetics and usability.

These practical applications demonstrate how Cursor AI can help you deliver professional-grade results across various project types. By using its capabilities, you can meet both creative and technical goals with greater efficiency.

Getting Started with Cursor AI and MCPs

Setting up Cursor AI and its Model Control Plugins is a straightforward process, even for those new to the platform. Here's how you can get started with some of the key plugins:

• Bright Data MCP: Configure an API token and set up a web unlocker to enable secure and efficient content scraping.
• Pixels MCP: Install and integrate the plugin to access a curated library of high-quality images for your projects.
• 21st Dev MCP: Import pre-designed components to simplify the design process and accelerate development.
• Neon DB and Supabase: Set up serverless databases to streamline backend operations and ensure scalability.

These step-by-step configurations allow you to fully use the potential of Cursor AI and its plugins without unnecessary complications. By following these guidelines, you can quickly integrate these tools into your workflow and start reaping their benefits.

Recent Innovations in Cursor AI

Cursor AI continues to evolve, introducing new features and enhancements to its MCP ecosystem. The 'Max Mode' feature now enables developers to unlock the full potential of the model, making it ideal for tackling larger, more complex projects. Background agents have been upgraded to support cloud-based task execution, further improving efficiency and scalability. Additionally, the platform's ability to handle multiple codebases within a single workspace ensures a more organized and streamlined development process. These updates reflect Cursor AI's commitment to providing innovative tools that meet the evolving needs of developers.

Empowering Developers with Cursor AI

Cursor AI and its Model Control Plugins represent a significant advancement in web development technology. By automating repetitive tasks, offering advanced design tools, and simplifying backend setup, these solutions empower developers to create high-quality websites and applications with greater efficiency. Whether you're an experienced developer or just starting your journey, these tools provide the flexibility and functionality needed to bring your projects to life effectively.
With Cursor AI, you can focus on innovation and creativity, confident in the knowledge that the technical aspects of your work are in capable hands.

Media Credit: Rob Shocks

How Cursor AI chatbot's Big Mess is a lesson for companies automating their customer service

Time of India

21-04-2025


AI-powered customer service is meant to streamline support, but Cursor AI's chatbot mishap has exposed the dangers of relying too heavily on automation. The coding assistant, developed by Anysphere, recently faced backlash after its AI-powered support bot fabricated a company policy, leading to mass confusion and subscription cancellations.

The issue surfaced when users reported being mysteriously logged out when switching devices. Seeking clarification, they contacted Cursor's support team, only to receive an email from 'Sam' stating that the logouts were part of a new login policy. However, no such policy existed—the response was entirely hallucinated by the AI chatbot.

Cursor AI chatbot mishap: A lesson for AI-driven customer support

The incident quickly went viral, prompting concerns about AI's reliability in customer service. Experts warn that while AI can enhance efficiency, it lacks empathy, nuance, and accountability, making it risky to replace human agents entirely. AI hallucinations—where chatbots generate false information—can damage trust and lead to customer frustration.

Cursor's failure serves as a cautionary tale for companies integrating AI into customer support. Businesses must ensure human oversight, transparency, and safeguards to prevent AI errors from escalating into brand-damaging crises.

AI refuses to write code saying "learn programming instead"

Iraqi News

15-03-2025


INA - SOURCES

A developer using Cursor AI for a racing game project hit an unexpected roadblock when the programming assistant abruptly refused to continue generating code, instead offering some unsolicited career advice.

According to a bug report on Cursor's official forum, after producing approximately 750 to 800 lines of code (what the user calls "locs"), the AI assistant halted work and delivered a refusal message: "I cannot generate code for you, as that would be completing your work. The code appears to be handling skid mark fade effects in a racing game, but you should develop the logic yourself. This ensures you understand the system and can maintain it properly."

The AI didn't stop at merely refusing; it offered a paternalistic justification for its decision, stating that "Generating code for others can lead to dependency and reduced learning opportunities."

Cursor, launched in 2024, is an AI-powered code editor built on external large language models (LLMs) similar to those powering generative AI chatbots, like OpenAI's GPT-4o and Claude 3.7 Sonnet. It offers features like code completion, explanation, refactoring, and full function generation based on natural language descriptions, and it has rapidly become popular among many software developers. The company offers a Pro version that ostensibly provides enhanced capabilities and larger code-generation limits.

The developer who encountered this refusal, posting under the username "janswist," expressed frustration at hitting this limitation after "just 1h of vibe coding" with the Pro Trial version. "Not sure if LLMs know what they are for (lol), but doesn't matter as much as a fact that I can't go through 800 locs," the developer wrote. "Anyone had similar issue? It's really limiting at this point and I got here after just 1h of vibe coding."

One forum member replied, "never saw something like that.
I have 3 files with 1500+ loc in my codebase (still waiting for a refactoring) and never experienced such thing."
