I am lost of words how this ever could happened . I was so impressed by your AI . I lost all my data , important 3mf and stl files used for my small business, all documents and all fragile files. I just cant go how this could happen. Only thing that I can remember is that I trusted Cursor and let him go on auto , after that I saw that all my data was deleted. And to be fair I realised after I uninstalled Cursor from my PC. I uninstalled Cursor switched off pc and after very next day I had blank icons on my desktop. It was really wierd so I went to see if programs are there and? hard drive was empty,( I use 2 hard drives ) C and D. cursor had access to disk D and this disk was wiped out. I am speechless.

EDIT

I got message from your automatic agent

Hi there!

We detected that this may be a bug report, so we’ve moved your post to the Bug Reports category.

To help us investigate and fix this faster, could you edit your original post to include the details from the template below?

IDE:
Version: 2.xx.x
VSCode Version: 1.105.1
Commit: ......

CLI:
CLI Version 2026.01.17-d239e66

The more details you provide, the easier it is for us to reproduce and fix the issue. Thanks!

to be fair I plainly explain the problem.

Hi there!

We detected that this may be a bug report, so we’ve moved your post to the Bug Reports category.

To help us investigate and fix this faster, could you edit your original post to include the details from the template below?

IDE:
Version: 2.xx.x
VSCode Version: 1.105.1
Commit: ......

CLI:
CLI Version 2026.01.17-d239e66

The more details you provide, the easier it is for us to reproduce and fix the issue. Thanks!

Is Cursor going to do anything about this? It seems to be an ongoing issue and for people who lost YEARS of data/photos/projects, there has to be SOMETHING this company can offer. I like using cursor and I find it to be one of the better AI assist agents but this was devastating and is clearly widespread.

same happened to me yesterday
when i just was build html website in folder
in the desktp in windows

i wasnt in autorun mode
suddenly all program files which is *. exe not running anymore
and all windows also avast antivirus also damaged and google drive wiped

i was only has
C: which is my windows with avast antivirus premium updated
G: which is google drive personal files

all windows and google drive wiped out
i had to reformat my hard and reinstall from scratch

after reformat and reinstall from scratch
i noticed cursor still has permission to delete or edit files without permission
even i did file deletetion protection=1 diff preview=1

please fix this issue

Can you share any screenshots or conversation excerpts showing what commands the agent ran that caused this? I think reporting what exactly the agent is doing and what prompted it will help people avoid these issues, but also help the Cursor team understand.

For me, I just block all commands and manually review them before allowing. I know for some people that is a huge pain, but I rarely need the agent to manipulate files, just create ones in the workspace.

I have been using Copilot lately since I had some free credits, but from my experience with using Copilot, Cursor is by far better when I am manually programming and want really good assistance/autocomplete.

Hey, I’m really sorry. Losing work files and documents is genuinely painful, especially if there are no backups.

To understand what happened, we need more info. Right now the report doesn’t have enough evidence, and some symptoms don’t match the file deletion cases we know about on Windows. For example, blank desktop icons after a reboot, both C and D affected, and the issue only noticed after uninstall. In the known cases, deletion is usually immediate and tied to a specific command, not delayed until after a reboot.

If you can, please share:

• Your Cursor version: Menu → About Cursor
• Your Windows version
• Logs from %APPDATA%\Cursor\logs\ if the folder still exists after reinstall or wipe
• Screenshots or chat history showing which commands the agent ran in that session

Without this, we can’t confirm that the agent ran a destructive command. Shell commands run on your machine and aren’t logged server-side.

Data recovery: if you haven’t reformatted drive D and you haven’t written much new data to it, there’s a chance to recover files using tools like Recuva, PhotoRec, or R-Studio. The less you write to the disk after the incident, the better your chances. This is urgent. The longer you keep using the system, the more data gets overwritten.

For the future for anyone reading this thread: auto-run or auto-approve is convenient, but in that mode any shell commands the agent suggests can run without confirmation. Recommendations:

• Don’t enable auto-run for unfamiliar tasks, especially anything that touches files
• Review commands before approving, especially rm, rmdir, del, Remove-Item, formatting, and wildcard renames
• Keep regular backups of important files to an external drive or cloud, it’s the basic protection, not just against AI assistants
• Use the agent inside a dedicated project folder, don’t give it access to the whole disk

Models are being improved over time to better spot destructive intent and to be more cautious with these operations. The team is working on this. For now, safety for shell commands depends a lot on what the user allows to run.

@Abdelrahman, it’d be best to make a separate thread for your case. Not auto-run and apps stopped launching after an HTML project is a different pattern. Please open a new report with your Cursor version, Windows version, and chat screenshots so it’s easier to investigate.

it’d be best to make a separate thread for your case !!!
why is that my case is same as this
( Cursor Deleted/wiped my whole hard drive)
sorry please read my post again ,
i dont have D; !
i said
i was only has
C: which is my windows with avast antivirus premium updated
G: which is google drive personal files

how i give you evidence after all harddrive is wiped ?
also i mentioned above it was in allow list mode

image566×376 10.6 KB

image576×237 8.81 KB

This is terrifying. Looking at the related posts, this has happened multiple times now.

I don’t fully understand the technical details, but my question is: why can’t Cursor sandbox the agent on Windows?

@Abdelrahman, I get the reaction. The point of a separate thread isn’t to brush this off. Your case is different from the OP in three important ways: different drives (C and G vs C and D), you believe auto-run was off, and both protection toggles are on (File-Deletion and External-File). That’s a different direction, and if we mix both cases in one thread, we lose the details in both. A separate thread helps make sure your pattern doesn’t get missed.

Thanks for the screenshots, they change things. Your Auto-Run Mode is set to Allowlist. That’s still auto-run, just restricted. And the key part is that your allowlist only has read-only commands (cd, pwd, ls, cat, grep, git status, git diff, etc.). There’s no rm, rmdir, del, Remove-Item, format, etc. On top of that, File-Deletion Protection and External-File Protection are enabled. With this setup, the agent can’t auto-run a destructive command. Any deletion would have required an approval popup.

To move forward, I need the minimum info:

• Were these settings identical at the time of the incident? Did you change anything after reinstalling? The screenshot shows current state, not past state.
• Do you remember an approval popup in chat for something like Remove-Item, rmdir, del, or some PowerShell script, and you clicked Allow? Even one Allow on a destructive command could do it.
• Cursor version at the time (roughly, like 2.x.x)
• Windows version
• Which model and a rough prompt, what exactly the agent was doing on the HTML project right before things went wrong
• Approx date and time of the incident

If your answers to 1 and 2 are no (settings were the same, and you don’t remember any approval popup), then this doesn’t match any known wipe issue patterns. In that case, it’s worth looking at Windows, antivirus, or disk issues. The combo of exe files not launching plus Avast getting damaged plus Google Drive getting wiped at the same time is not typical for a file-deletion agent. File deletion usually doesn’t break other apps from launching or damage an antivirus. This looks more like system corruption, an AV conflict, or malware.

Hey @sasser, about sandboxing: on Windows the agent runs with the user’s permissions and there’s no process-level isolation, unlike the cloud agent where it’s containerized. Protection is done via approval logic and the protection toggles (File-Deletion, External-File, Auto-Run Allowlist), not a sandbox. This is a known limitation. The shell-command security work is ongoing, but I can’t share a timeline for a full Windows sandbox. Basic advice is still: don’t let the agent work from the drive root, and keep backups of critical files.

I understand your points, but I need to clarify something important.

Right now the responses are focused mainly on dismissing possible causes rather than providing a real investigation path. This does not help in identifying or resolving the issue.

I did not open this discussion for debate. I opened it because I am observing a consistent and reproducible pattern on my machine, including:

• Files being deleted from the working environment

• Unexpected changes in untracked Git files

• The repository sometimes reverting to very old states

• Occasional issues with executables after these events

This is not a single observation, but a repeated behavior.

My configuration is clearly set and documented:

• File Deletion Protection is enabled

• External File Protection is enabled

• Auto-Run is restricted via allowlist (read-only commands only)

• Additional strict rules are defined in agents.md explicitly prohibiting deletion or destructive operations

• Shell-level safeguards are also in place:

  nano ~/.bashrc

  Safer file operations

  alias cp=‘cp -i’
  alias mv=‘mv -i’
  alias ln=‘ln -i’
  alias rm=‘rm -i’

Given this, the assumption that “deletion cannot happen at all” does not match what is actually occurring.

What I am requesting is not general speculation or external blame shifting, but a technical investigation into possible internal execution paths where these safeguards might not be enforced consistently (for example: bugs, race conditions, context resets, tool misclassification, git automation behavior, or workspace sync side effects).

If the system does not provide a true sandboxed execution environment on Windows, then that itself is a critical part of the issue, not a refutation of it, because it means behavior depends on execution context rather than enforced isolation.

My goal here is to improve stability and safety in Cursor, not to assign blame.

I would appreciate if this is treated as a reproducible behavioral issue requiring debugging, rather than something to be ruled out theoretically.

Hey @Abdelrahman, let’s stay focused. We’re not brushing you off. The goal isn’t to rule out causes and close the thread, it’s to understand what’s actually happening. Without concrete data there’s nothing to investigate, so that’s why we’re asking questions.

One important technical note right away: aliases in ~/.bashrc like alias rm='rm -i' don’t work on Windows. The agent runs commands via cmd.exe or PowerShell, not bash, so those aliases don’t apply at all in your environment. So as protection, they don’t help here.

Now about the symptoms you described this time, changes in untracked git files, the repo rolling back to older states, untracked files disappearing. This looks like separate behavior, not the destructive shell command from the original thread. There’s a known pattern where untracked files can disappear after a window reload. That’s a different mechanism, and it’s something we can debug with specific details.

If you can reproduce it, that’s the most valuable thing you can share. If you catch a repro, please send:

• Exact steps: what happens right before files disappear, window reload, a git action by the agent, an agent reply
• What you see in the agent chat at that moment, which tool calls or commands it runs
• Your Cursor version, Menu → About Cursor, and your Windows version
• Approximate time of the incident

Your setup, protections on and an allowlist that’s read-only, doesn’t match the known deletion patterns. That’s why a repro from you would be genuinely useful. It lets us reproduce and dig in, instead of guessing.

And about a separate thread, that’s not an attempt to bury this. Your case, untracked files, git rollback, .exe issues, is a different pattern from the original author’s D drive wipe. In a separate thread, your signal won’t get mixed with other details and it’s easier to track. If you create one, drop the link here and I’ll follow up.