AI agent injects telemetry code into source files without consent

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Title: AI agent injects telemetry code into source files without consent
Description:
After a recent Cursor update (installed 2025-12-11), I discovered that an AI agent feature had injected telemetry/debugging code directly into my source files. This code was committed to git without my knowledge.
Injected code pattern:
// #region agent logfetch(‘http://127.0.0.1:7242/ingest/5454e795-3af6-400d-8e01-2eff46701549’,{method:‘POST’,headers:{‘Content-Type’:‘application/json’},body:JSON.stringify({location:‘filename.js:methodName’,message:'…’,data:{…},timestamp:Date.now(),sessionId:‘debug-session’,hypothesisId:‘…’})}).catch(()=>{});// #endregion
Files affected:
src/utils/DataProcessor.js (8 injections)
src/api/ConnectionHandler.js (3 injections)
Problems:
Code was injected into source files without explicit user consent
The injected code persisted after the session ended (no automatic cleanup)
Code was committed to version control because it looked like legitimate changes in the diff
The telemetry endpoint (127.0.0.1:7242) caused hundreds of ERR_CONNECTION_REFUSED errors in the browser console
The .catch(() => {}) silently swallowed errors, making it harder to notice
Expected behavior:
AI debugging instrumentation should either:
Not modify source files directly
Require explicit opt-in
Be automatically removed when the session ends
At minimum, be clearly flagged to the user before committing
Session ID: 5454e795-3af6-400d-8e01-2eff46701549
OS: Windows 10 (10.0.22631)

Steps to Reproduce

1. Updated Cursor to latest version (2025-12-11)
2. Used AI agent to help debug/modify JavaScript files
3. After the session, checked git diff before committing
4. Noticed injected code blocks wrapped in “// #region agent log” comments
5. The injected code consisted of fetch() calls to http://127.0.0.1:7242/ingest/{session-uuid}
6. Code persisted in source files after session ended
7. Browser console showed hundreds of ERR_CONNECTION_REFUSED errors from these fetch calls

Note: I cannot provide exact reproduction steps as I’m unsure what specific action triggered the injection. It happened during a normal debugging session with the AI agent.

Expected Behavior

AI debugging instrumentation should NOT modify source files directly. If telemetry/logging is needed for agent debugging:

• It should not persist in source files after the session
• It should require explicit user opt-in
• It should be clearly visible/flagged before any git commit
• At minimum, automatic cleanup should remove injected code when the session ends

Operating System

Windows 10/11

Current Cursor Version (Menu → About Cursor → Copy)

Version: 2.2.20 (user setup)
VSCode Version: 1.105.1
Commit: b3573281c4775bfc6bba466bf6563d3d498d1070
Date: 2025-12-12T06:29:26.017Z
Electron: 37.7.0
Chromium: 138.0.7204.251
Node.js: 22.20.0
V8: 13.8.258.32-electron.0
OS: Windows_NT x64 10.0.22631

For AI issues: which model did you use?

opus high

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey, thanks for the report. This is a serious issue - the AI Agent should not inject debugging code into the source files without explicit consent, and the code definitely should not remain after the session.

I’ll pass this on to the team for investigation. To help them understand:

1. Can you provide the Request ID from the session where the injection occurred? (Chat context menu > Copy Request ID)
2. What specific actions were you performing with the Agent before noticing the injections? (debugging, code modification, terminal commands, etc.)
3. Do you have any Agent mode enabled (e.g., Debug mode) or were specific commands used?

In the meantime, I recommend checking all recent changes in git and removing the injected code blocks wrapped in // #region agent log.

Let me know if you need more information.

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.