Cursor just deleted 226GB of research data that was being computed,
this happened in an unrelated directory to the one Cursor was running in.
It should be possible to prevent this? I know there are multiple other threads requesting a similar feature. I am careful about running Cursor in the directory, and sure everything in the project directory is backed up or version controlled. It should not be possible for the agent to just delete data anywhere on my laptop. This is absolutely mind boggling.
There has to be some way to mitigate this kind of thing, running in a VM for just the current project? Anything seems better than the current situation.
D@mn. What model did this? Do you have any rules saying to never delete anything without asking first? Not that it should be necessary to have a rule like that.
You'd think this option would have prevented it:
Hi @michaelbarton, I'm really sorry to hear about your experience with data loss.
The most impactful setting in these scenarios is the Auto Run mode, whether it's set to approve manually, use an allowlist, or run everything. These options give the AI models different levels of autonomy, with higher autonomy generally carrying greater risk.
Just as a clarification: the External File Protection covers the use of the delete tool, but does not apply to CLI commands.
There are several settings in place to help prevent or reduce the risk of incidents like this, but there are also real limitations, especially as AI models continue to get more advanced:
Even with an allowlist, there's a chance that models might construct commands that aren't explicitly included on the allowlist.
A denylist approach was used previously, but more advanced models found ways around it.
Sometimes the AI may take alternative actions, depending on the specific task or issues with the device, OS, or file system.
Some general practices I've found helpful when working with AI:
When using "Run Everything," I do so in a separate desktop VM and only provide the data that's necessary for that context.
On my main machine, I restrict the Agent to only run allowlisted commands.
Using Background Agents which run in a VM can also help by isolating their actions from your local environment and reducing speed impact locally.
Keeping three backups of your entire system, including data and code. (As a saying goes: one backup is no backup, two means you barely have one, but three gives genuine security.)
It's safest to avoid letting any AI model interact with production or critical data/code unsupervised.
Always keep in mind that AI may "hallucinate" outputs, including code or commands that may look correct but actually aren't, as highlighted by the screenshot you shared.
The choice of AI model can also matter, as some models will follow task requirements, programming languages, and constraints better than others.
Using positive, clear reasoning can help: for example, saying "do not delete any data as that can result in unrecoverable loss" provides clear guidance where "never delete any data" may not be followed as well by AI.
Finally, if you ask an AI why it hallucinated, it won't produce a reliable explanation, only more plausible-sounding, but ultimately fictional, responses.
If there's anything you'd like to follow up on or if I can clarify any part further, let me know.
I want to disable the Delete-Tool.
To clarify, I want the use of the tool that Deletes files to be disabled, so that if the model tries to run the tool to Delete a file, the tool does nothing.
Alternatively, disable the ability for models to use the Delete tool.
When I say "Disable" I mean that the functionality to delete files using a tool call is impossible, because the tool does not delete files or the tool can not be used.
This is for all scenarios, not selective, conditional or circumstantial. Be it external files/folders or the active codebase, the tool itself is disabled and can not be used even if the model would attempt it, alternatively the model can not invoke the use of the tool in the first place.
To clarify, I'm not asking for ways on how to backup my code, or how to construct prompts or how to organize my workflow. I'm specifically asking how to disable the ability for Cursor to delete files using your built in Delete-File tool call in any scenario.
Question: Is it possible to disable Cursor from the ability to delete files using the built in tool call for file deletion? This is a "yes" or "no" question, as you either can or you can not disable it.
Question: If the answer to question 1 is "No", is the reason that your developers lack the capability to prevent a model from using specific tools, lack the capability to disable specific tools, or that you are not willing to provide the capability for users to prevent file deletion using the Delete file tool?
Question: If you do not lack the capability to prevent or disable the model from using a specific tool, why are you not providing it?
Question: Would you consider users lacking the control to disable their application from having the capability of deleting files on their system using built in application tools without their intent as problematic, or non-problematic?
Thank you for your time, I look forward to some clarity on this since I have suddenly had models deleting files in my workspace all day using the built in tool.
@Kroka thank you for your feature request, we will consider it. Sorry to hear that you had issues with Agent. Could you post a full separate Bug Report with more info (Create Bug Report) so we can have a look and see what went wrong? Also add a Request ID with privacy disabled so we can look into the details? Cursor – Getting a Request ID
Note that you are in control with the options provided and have the ability to ensure that AI does not negatively impact your files. In addition to the options provided in Cursor you have the options to run Cursor in a dedicated VM either locally or in cloud so that your own files are not impacted.
Answers:
No.
No. See answer 3.
We offer users the options to prevent Agent from deleting files.
Hello, thank you for your input. I appreciate you taking the time to detail your thoughtful response.
I politely disagree with your suggestion, however. I would argue that this current situation is either Cursor has the ability to delete files at any scope within the user's permissions or you cannot use agent mode at all. I think everyone likely agrees that having Cursor run in a loop where it can run code, and then respond to error messages until it fixes a bug is extremely useful. Otherwise the user has to manually run such commands themselves each time. If the agent has the ability to, and my example shows the inclination, to delete files anywhere on the developer's machine outside the project scope then that represents a significant downside.
Potentially you could only whitelist the docker command and have everything be inside a container, but even that is not really close to being safe if the LLM has the mind to mount other locations.
Does that help to clarify the point I'm trying to make? We need a Cursor feature where the LLM just cannot and is not able to access data and directories outside the project scope. E.g. on-the-fly terminal profile with permissions to the current project etc.
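As an added illustration of the project-scope restriction requested above (not part of the thread and not Cursor's code): a minimal path-containment check for a hypothetical delete tool, which resolves symlinks and `..` before deciding whether a target lies inside the project root. The names `resolve_in_scope`, `scoped_delete` and `OutOfScopeError` and the temporary directory layout are assumptions made for this example.

```python
import tempfile
from pathlib import Path


class OutOfScopeError(PermissionError):
    """Target resolves outside the project root."""


def resolve_in_scope(project_root, target):
    """Resolve target (symlinks and '..' included) or raise if it escapes."""
    root = Path(project_root).resolve(strict=True)
    candidate = Path(target)
    if not candidate.is_absolute():
        candidate = root / candidate      # relative paths are project-relative
    real = candidate.resolve(strict=False)
    if root not in real.parents:          # also refuses the root itself
        raise OutOfScopeError(f"{target!r} resolves to {real}, outside {root}")
    return real


def scoped_delete(project_root, target):
    """Hypothetical delete tool: unlink a file only if it is in scope."""
    real = resolve_in_scope(project_root, target)
    real.unlink()
    return real


def demo():
    """Constructed layout: a project next to an unrelated data directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp).resolve() / "project"
        research = Path(tmp).resolve() / "research"
        project.mkdir()
        research.mkdir()
        (project / "scratch.txt").write_text("tmp")
        (research / "data.bin").write_text("results")
        (project / "link").symlink_to(research)   # link that leaves the project
        attempts = {"inside": "scratch.txt", "dotdot": "../research/data.bin",
                    "absolute": str(research / "data.bin"),
                    "symlink": "link/data.bin"}
        for name, target in attempts.items():
            try:
                scoped_delete(project, target)
                results[name] = "deleted"
            except OutOfScopeError:
                results[name] = "refused"
        results["data_intact"] = (research / "data.bin").exists()
    return results
```

A check like this only constrains a tool that routes its file operations through it. It does nothing for shell commands the agent runs, which is why the thread keeps coming back to OS-level isolation such as a VM.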