In the “Flagged Vulnerabilities” section of the new Security Agents, there is no way to track these outside of Cursor. It’s a pretty impressive feature and has picked up things that pentests have missed, so we’d like to integrate it into Vanta or Jira to keep on top of them.
It would also be great to have an agent link next to each one that could run a first pass at fixing them.
One workaround you might want to consider is attaching an MCP server to your security review, with custom instructions to search Jira/Vanta for the issue and create a new work item if necessary.
Not the same as a native integration/export format, but might help in the meantime.
Better CTAs on Security Review findings is on our to-do list! You’re not the first to ask.