Cursor Security Review (April 30, 2026): Always-on PR Security Reviewer + Scheduled Vulnerability Scanner
Cursor Security Review entered beta on April 30, 2026 for Teams and Enterprise plans, adding always-on security agents: a PR Security Reviewer that leaves inline findings and a scheduled Vulnerability Scanner that can send Slack updates.
Editorial Team
Cursor added Cursor Security Review as a beta feature for Teams and Enterprise plans, with two always-on security agents: a PR-focused Security Reviewer and a scheduled Vulnerability Scanner. The feature is designed to make security feedback feel native to the same workflow where teams already review and ship code.
TL;DR
- Beta on Teams + Enterprise.
- Security Reviewer: checks every PR and leaves inline security findings.
- Vulnerability Scanner: runs scheduled scans and can send updates to Slack.
- Customizable triggers and instructions, with support for plugging in existing security tooling via MCP.
What Cursor Shipped
1) Security Reviewer (PR-by-PR)
Cursor says the Security Reviewer runs against every pull request and flags:
- Security vulnerabilities
- Auth regressions
- Privacy and data-handling risks
- Agent tool auto-approvals
- Prompt injection attacks
It leaves inline comments at the relevant diff location, including severity and suggested remediation.
2) Vulnerability Scanner (Scheduled)
Cursor’s Vulnerability Scanner runs scheduled scans across your codebase to look for:
- Known vulnerabilities
- Outdated dependencies
- Configuration issues
Cursor says you can configure it to send updates on findings to Slack.
Customization and “Bring Your Own Tools” via MCP
Cursor positions Security Review as customizable: teams can adjust triggers, add their own instructions, choose how outputs are shared, and connect custom tooling.
A notable detail: Cursor explicitly calls out plugging in MCP servers for existing security tools (for example, SAST/SCA/secrets scanners), so the Cursor-managed agents can incorporate outputs from the tools you already trust.
Availability Notes (What You Need to Do)
According to Cursor:
- Security Review is in beta on Teams and Enterprise plans.
- An admin enables the feature in the Cursor dashboard.
- Security agents draw from your existing usage pool.
Practical Takeaway
If you already live in Cursor for day-to-day engineering work, Security Review is interesting because it tries to bring two common security loops into the same place:
- PR review feedback, without waiting for an external security review step.
- Scheduled scanning for the “slow drift” problems (dependencies and configuration issues).
The best initial trial is likely one repo with clear PR conventions and an existing scanner baseline, so you can compare what Cursor flags versus your current security tooling.
Sources
- Cursor changelog — Cursor Security Review (April 30, 2026): https://cursor.com/changelog/04-30-26