Runaway agent does things on its own

sergeyv · February 27, 2026, 5:32pm

Where does the bug appear (feature/product)?

Somewhere else…

Describe the Bug

corporate cursor account
early jan 2026 granted access to gitlab using OAuth
same day asked a few questions around hooking up local docker to run agents
since that day did not even start cursor IDE
Feb-25 was conducting gitlab audit logs review and noticed that some software agent is creating gitlab project level tokens on my behalf, all tokens are named cursor, and have exactly the same permission set as Cursor’s app that was granted access to gitlab
Between early jan and feb-25 83 projects were affected by this behavior, number of tokens created per day is quite random - 10 some days, 1 or 0 on others. gitlab projects selection is also random
tokens were created from aws us-east-1 region, from 2 hosts: 52.44.113.131 | ec2-52-44-113-131.compute-1.amazonaws.com & 3.209.66.12 | ec2-3-209-66-12.compute-1.amazonaws.com
neither of created tokens were trying to write anything to any of repos, however the fact of such unattended activity is somewhat bothering
observed behavior clearly indicates that there was some kind of runaway agent that conducted code examination or something similar
what bothers most is that this behavior is
unexpected & unwanted

Additional info can be shared upon request. Any insights to reasons of such behavior would be highly appreciated.
Thanks
Sergey

Steps to Reproduce

unknown

Operating System

MacOS

Version Information

Cursor IDE: 2.3.34

Does this stop you from using Cursor

No - Cursor works, but with this issue

deanrie · February 28, 2026, 9:27am

Hey, thanks for the report.

When you connect GitLab via OAuth, our Cloud Agents infrastructure uses that connection to create project-level access tokens (named cursor) to access the repo. The AWS IPs you found in the us-east-1 region match our infrastructure. That said, this activity should only happen when you manually start a Cloud Agent session, not automatically in the background.

The fact that tokens were created in 83 projects without you opening Cursor IDE is unexpected behavior. I’ll pass this to the team.

A couple steps on your side:

Revoke the GitLab OAuth connection in your Cursor dashboard (Settings > Integrations), and also revoke the Cursor app in GitLab (User Settings > Applications)
Delete the cursor project tokens that were created in the affected GitLab projects

Also please confirm: have you ever started a Cloud Agent session from https://cursor.com/agents (the web interface)? Even a single session could explain how the initial setup started, although it doesn’t explain the ongoing automatic creation.

I’ll update this thread as soon as the team finishes the investigation.

sergeyv · March 2, 2026, 7:36pm

Hi Dean,

project level access tokens were revoked same day as well as cursor app got access revoked from gitlab, also same day; we are good there
I can not confirm 100% that i never started Cloud Agent session, I’ll leave 1% for reasonable doubt case (if i did and forgot). However if it was ever done I would believe there will be some traces of that - logs, generated assets, something available on cursor side. I do not see any of that and to my best knowledge no agents were ever started.

Thanks,
Sergey

Topic		Replies	Views
Cloud Agents cannot load default branch during environment setup and lose write access to GitHub despite correct App installation and org permissions Bug Reports teams-enterprise , cloud-agents , github	1	66	February 28, 2026
Worktree agents fork automatically into separate workspaces Bug Reports worktrees , subagents	11	44	February 21, 2026
Security Incident : Cloud Agents created at the wrong place Bug Reports	4	123	December 10, 2025
Cursor Cloud is redacting environment variable values found in code Bug Reports cloud-agents , composer	7	54	March 4, 2026
What is this, Cursor running Agents without my permission? Bug Reports	7	250	December 27, 2025