I recently came across some interesting information regarding Cursor’s DeepSeek implementation through this discussion thread Potential concern with Deepseek R1 - #2 by danperks, which revealed that Cursor utilizes DeepSeek models provided through Fireworks. This discovery has prompted me to share some observations and raise a few questions for discussion.
In my experience, I’ve noticed significant differences between the DeepSeek model integrated into Cursor and the official DeepSeek service:
Response latency appears to be notably different
There seem to be certain implicit limitations in the Fireworks implementation
While using DeepSeek’s official service with Cursor works smoothly, the built-in model often requires additional prompting to generate code outputs
What particularly interests me is the economic aspect of this implementation choice. Given that the pricing structure for DeepSeek models is comparable to other advanced models like GPT and Claude, but with significantly lower token costs, I’m curious about:
The reasoning behind choosing Fireworks as the provider instead of directly utilizing DeepSeek’s official service
Whether there are any plans to potentially switch to DeepSeek’s official service in the future
I believe this could lead to a constructive discussion about Cursor’s technical decisions and future development plans. I would greatly appreciate any insights from the team or community members on this matter.
From a pure privacy standpoint, it’s a completely different proposition to use the DeepSeek API vs. using the model weights.
Many Cursor users—myself included—feel uncomfortable sending their code to China.
While the argument could be made comparing this practice to using the OpenAI or Anthropic APIs, there are two important distinctions:
OpenAI & Anthropic are US-based companies. They operate within US law, are subject to regulatory oversight, and their operations can be independently audited to ensure compliance with privacy and data protection standards.
Since OpenAI & Anthropic are not open-weight models, this choice is not even available for consideration.
Actually, I honestly don’t really care which provider it will be or not. I’m more interested in the fact that I can continue using these requests included as quick requests. For example, I saw somewhere else on the forum that the webscr1 request is a premium request, but I haven’t faced a queue, which is fine for me. Just imagine if we used a real provider, and that increased the cost of the requests, and we had to wait in long queues like we do now with Anthropique. That would be simply horrible. So, honestly, I don’t care about the provider; what matters to me is having fast and unlimited access to these requests, just like it used to be on So Nic. So I don’t know if I should support this or not, but what matters is that the requests stay the way they are. It’s perfect for me. Congratulations on version 0.45.2!
I’m happy that DeepSeek open-sourced their models. That does not make me comfortable sending my data to China (speaking for myself here). The fact that we have the weights is the benefit of it being open-sourced, allowing us the choice to run it on our own infra.
I share your frustration with OpenAI becoming ClosedAI. That does not change the reality of the situation. Being a US-based company matters when it comes to data protection.
Some American friends are reluctant to send their data to servers located in China.
As a Chinese user, I feel a bit awkward. There are some politically sensitive issues related to China and the US that I’m not in a position to elaborate on, but I think everyone more or less understands them.
Oh, how delightfully ironic it is to see political debates erupting in a tech product forum, spare me the riveting discourse on US-China relations or government surveillance; I’m sure there are better venues for that, like your local coffee shop’s comment board.
Here’s my simple, politics-free request (shocking, I know): As a Cursor user, I couldn’t help but notice that their DeepSeek service performs about as well as a chocolate teapot compared to DeepSeek’s official offering. So, here’s a wild thought - could we perhaps get an option to switch providers for us “politically oblivious” folks who just want our code to work? You know, instead of turning this into another episode of “Global Politics: Developer Edition.”
Just a humble suggestion from someone who’d rather debug code than debug international relations.
Let me put it this way: I couldn’t care less if your DeepSeek service is powered by advanced AI, three caffeinated hamsters in a wheel, or your neighbor Bob’s quantum calculator - just give me something that actually works! Based on the feedback from myself and fellow users (who are clearly not imagining things), Fireworks seems to be performing about as well as a chocolate windshield wiper in a heatwave.
And before anyone asks - no, this isn’t about politics, partnerships, or the grand cosmic scheme of things. It’s simply about getting a service that doesn’t make me question my life choices every time I use it. Is that too much to ask?
So, by your logic, shouldn’t Canadian developers avoid sending their code to U.S. servers too? I mean, the current U.S. president, Donald Trump, literally said Canada should be part of the United States.
Honestly, comments like this come off as biased and unnecessarily divisive. It’s pretty offensive, to be honest. How about focusing on the real issues—like data protection and compliance—rather than making assumptions just because of where a service provider is based?
Well, well, well… It seems some politically hyper-sensitive souls have reported this post, causing it to play hide-and-seek for a while.
To any potential readers and our dear moderators who might be reviewing this: You’ll notice that my original post was about as politically charged as a potato - zero political stance, zero aggression, just pure, innocent content.
Just a gentle reminder that this is a tech community, not a political battleground. You know, the kind of place where we discuss bits and bytes, not political fights!
I understand some folks might be more politically sensitive than a cat in a room full of rocking chairs, but perhaps we could save that energy for… oh, I don’t know… actual political forums?
Remember: This is a space where the most controversial debate should be tabs vs. spaces, or whether pineapple belongs on pizza.
Let’s not let your hair-trigger political sensitivity turn every innocent post into an episode of House of Cards, shall we?
I completely agree. I don’t care about politics and other imaginary lines our government draws for us when discussing tech.
From a purely technical POV, I would like Deepseek integration due to it’s performance and it’s efficiency. Not integrating Deepseek models and the fact that we are stuck with o1 (needs on-demand credits) or sonnet feels antiquated.
@jake Would it be possible to give users the choice of whether they want to enable DeepSeek or not? Perhaps you could display a disclaimer stating that Cursor has no control over the data sent to DeepSeek and prompt users to review and agree to DeepSeek’s privacy policies if they wish to proceed. Alternatively, users could disable privacy mode to access DeepSeek features.
The U.S. and Canada both operate under strong, transparent data protection laws with independent oversight, even if their approaches differ slightly.
Statements by Trump about Canada have no bearing on legal structures or privacy practices.
In contrast, China’s legal environment allows extensive, non-transparent government access to corporate data, making it fundamentally different from the U.S.-Canada context.
If that isn’t a concern to you, I respect that.
As mentioned by Dan here, you are more than welcome to hook up the DeepSeek API to your own codebase.
And to be clear: my views are my own, and do not necessarily reflect the views of Cursor, or anyone in the Cursor team.
I have to agree, but at the same time the geographical location of the servers where data is sent to is a real issue. These ‘political’ issues affect how I can do my job. I’m employed by a business that supplies to our government, and although I can justify using infrastructure from western allies (USA), I can not do so for Chinese servers. Sticking our collective heads in the sand is just not good enough anymore, when industrial espionage from China is a given fact.
For those who, contrary to Cursors DeepSeek properly setup availability through Fireworks servers, want to use the original DeepSeek servers: Your data was exposed. Congrats!
A severe security incident was discovered involving DeepSeek’s internal services. The company had an exposed ClickHouse database that contained sensitive information, including customer request history and observability data (OpenTelemetry spans).
Technical Details
The exposure was particularly concerning because the database was accessible:
Without any authentication - Contained logs with request data of customers
Included development infrastructure and observability data
Security Implications
This incident raises serious questions about DeepSeek’s security practices, especially considering that:
ClickHouse’s default installation process explicitly requests setting up a password
The default configuration restricts external network access and limits the default user to localhost only
Multiple authentication methods were available but not implemented, including:
Password authentication with bcrypt/sha256
Certificate authentication
SSH key authentication
The exposure was particularly notable as it allowed complete database control and potential privilege escalation within the DeepSeek environment without any authentication measures in place
Just to clarify. This is not about Cursors DeepSeek integration as they use secure Fireworks servers. The issue occurred on DeepSeek’s own servers when users used their own API access.
However, China also used the same method against ChatGPT at that time, including directly blocking the cloud host server if the keywords such as chatgpt were found in the traffic of cloud service providers (Alibaba Cloud, Tencent Cloud, etc.), and no refund would be given. This is why so many websites in China that use GPT as a shell are still very profitable and profitable. These are all verifiable with historical data.
Deepseek’s user agreement states that data will be permanently stored and shared with other third parties (as a Chinese, I also understand that this is also the profit model of most Chinese companies). In addition, there have been cases of Deepseek chat records being leaked recently.
