Cursor loads CLAUDE.md even when the "third party rules" toggle is turned off

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Cursor loads CLAUDE.md even when the “third party rules” toggle is turned off.

Steps to Reproduce

Put something in your CLAUDE.md. I don’t know if it matters, but we use a symlink. Turn off third-party rules. Ask the agent what prompts it is aware of without reading any additional files. It will recite the contents of CLAUDE.md.

Expected Behavior

CLAUDE.md should be ignored when third-party rules are turned off.

Operating System

Windows 10/11
Linux

Version Information

Version: 2.4.21 (user setup)
VSCode Version: 1.105.1
Commit: dc8361355d709f306d5159635a677a571b277bc0
Date: 2026-01-22T16:57:59.675Z
Build Type: Stable
Release Track: Default
Electron: 39.2.7
Chromium: 142.0.7444.235
Node.js: 22.21.1
V8: 14.2.231.21-electron.0
OS: Windows_NT x64 10.0.26100

Does this stop you from using Cursor

No - Cursor works, but with this issue

Hey @sthaber1 !

I did some testing, and I could reproduce this on the first agent run after toggling “third-party rules” off. Any successive runs stopped mentioning the rule I placed in CLAUDE.md.

Does this match your experience?

Hmm, no. I’ve had the toggle off this whole time and new agents are still picking it up.

Thanks.

Is the CLAUDE.md file in the root of your repo? Or is it, for example, under .cursor/rules?

It would also be great if you could share a Request ID where you reproduce this with the “third party rules” toggle off. This would also require privacy mode to be at least temporarily disabled for the length of this chat (it can be turned back on afterwards). This toggle can be found under Cursor Settings > General > Privacy.

It’s at the root of our source tree, adjacent to .cursor (not inside it). Unfortunately I cannot turn privacy mode off for our organization, even briefly.

Would be nice if you guys could find a way to capture relevant details for troubleshooting, without violating privacy, so that you don’t have to request your users disable privacy mode like this.

I am unable to supply Request IDs for the same reason…our company has a strict policy that they have reiterated numerous times now, that privacy mode has to be kept on at all times (and not just for cursor usage, but ALL AI/LLM usage across the company.) This is not unreasonable, especially when companies are developing technology they may patent, etc. We just cannot risk exposing IP.

1 Like

In my case if there was a per-user toggle, I would be happy to turn it off for myself in a sandbox. But the toggle is org-wide. I guess I could make a separate account, but not worth the squeeze.

This topic was automatically closed 22 days after the last reply. New replies are no longer allowed.