Hi everyone,
My company wants to start working with Cursor. As a Security Engineer, I have been asked to review the product’s privacy aspects.
I’ve read a lot about Cursor’s Privacy Mode, Security section, SOC 2, etc.
However, there’s one critical point I want to validate with you as it is highly important to my organization.
On the Privacy page, under the TL;DR (Other Notes) section, it states:
“Even if you use your API key, your requests will still go through our backend! That’s where we do our final prompt building.”
I want to ensure I understood this correctly. For example, if I’m working on a project that reads from an S3 bucket and requires an IAM User/Role, does this mean that when I use your IDE, my AWS credentials are being sent to your backend?
I assume I could verify this by inspecting the traffic with a proxy.
Looking forward to your response.
Many thanks,
Rubi