We use cloud agents, but I don’t want cloud agents to exfiltrate data.
So I want to configure a network allowlist for my team. Cursor default allowlist is too strict and blocks my MCP.
It seems to be evocated in cursor UI. Yet, I have found nowhere in the UI nor documentation to do that :
Any insights?
Sandbox doesn’t seem to apply on cloud agents. I tried that, but without any success.
This is my mistake. Since cloud agents run on Cursor’s virtual machines, this is not configurable from sandbox.json. I suggest reaching out to support/sales (especially if you’re on Enterprise, where it’s more likely to be on the roadmap).
Hey there!
I think we’ve set up the UI a bit confusingly here.
https://cursor.com/dashboard?tab=cloud-agents that you’re selected Team Settings and not My SettingsRight now, based on your screenshot, it’s configured to “Allow all network access”, which means all traffic is allowed. If you select “Defaults + Team allowlist” it will point you to your Sandbox network access control settings.
On team settings tab + selecting Defaults + team allowlist, I have the first screenshot shared with you 
default allowlist point me to the documentation. Nothing else is clickable.
any clue anyone ?
+1 – this is a huge limitation for rolling out Cloud Agents to my team at the moment
Hi @Alytrem,
Apologies for not clarifying sooner! The team allowlist feature is only available to Enterprise plan users.
I realize the current wording is confusing because it references a Team allowlist that you can’t configure. I’ll flag this with the team to get it updated.
You can still set network settings under My Settings, which each member of your team would need to do.
If Cursor wants to make team allowlists an Enterprise feature, that’s fine, but please at least give us the ability to lock the Network Access Policy to something like defaults + individual allowlist across the team. This way we can prevent a teammate from overriding the team policy to something more permissive (i.e. allow all)
@Colin would it be possible to update this UI in the near future? It’s frustrating I spent several minutes trying to find this in the UI and then finally stumbled across this thread on Google. I do think it’s a bummer that an important security feature that is available to individuals is not available to teams, but the confusion makes it worse.
