Early Jan 2026 granted access to GitLab using OAuth
Same day asked a few questions around hooking up local Docker to run agents
Since that day did not even start Cursor IDE
Feb-25 was conducting a GitLab audit log review and noticed that some software agent is creating GitLab project-level tokens on my behalf; all tokens are named cursor and have exactly the same permission set as Cursor’s app that was granted access to GitLab
Between early Jan and Feb-25, 83 projects were affected by this behavior; the number of tokens created per day is quite random - 10 some days, 1 or 0 on others. The selection of GitLab projects is also random
Tokens were created from the AWS us-east-1 region, from 2 hosts: 52.44.113.131 | ec2-52-44-113-131.compute-1.amazonaws.com & 3.209.66.12 | ec2-3-209-66-12.compute-1.amazonaws.com
None of the created tokens were trying to write anything to any of the repos; however, the fact of such unattended activity is somewhat bothering
Observed behavior clearly indicates that there was some kind of runaway agent that conducted code examination or something similar
What bothers most is that this behavior is unexpected & unwanted
Additional info can be shared upon request. Any insights into the reasons for such behavior would be highly appreciated.
Thanks
Sergey
When you connect GitLab via OAuth, our Cloud Agents infrastructure uses that connection to create project-level access tokens (named cursor) to access the repo. The AWS IPs you found in the us-east-1 region match our infrastructure. That said, this activity should only happen when you manually start a Cloud Agent session, not automatically in the background.
The fact that tokens were created in 83 projects without you opening Cursor IDE is unexpected behavior. I’ll pass this to the team.
A couple steps on your side:
Revoke the GitLab OAuth connection in your Cursor dashboard (Settings > Integrations), and also revoke the Cursor app in GitLab (User Settings > Applications)
Delete the cursor project tokens that were created in the affected GitLab projects
Also please confirm: have you ever started a Cloud Agent session from https://cursor.com/agents (the web interface)? Even a single session could explain how the initial setup started, although it doesn’t explain the ongoing automatic creation.
I’ll update this thread as soon as the team finishes the investigation.
Project-level access tokens were revoked the same day, and the Cursor app got its access revoked from GitLab, also the same day; we are good there
I cannot confirm 100% that I never started a Cloud Agent session; I’ll leave 1% for the reasonable doubt case (if I did and forgot). However, if it was ever done, I would believe there will be some traces of that - logs, generated assets, something available on the Cursor side. I do not see any of that, and to the best of my knowledge no agents were ever started.
@deanrie Any updates on this issue? We experienced a similar issue at my company and we had to put a moratorium on Cloud Agents due to the uncontrolled PAT creation.
Hey @Rob_Hughes, this is a known issue we’re tracking. There’s no timeline yet, but your report really helps, especially since it’s now affecting multiple teams.
For now, here are the recommended steps:
Revoke the GitLab OAuth connection in your Cursor dashboard Settings > Integrations
Revoke the Cursor app in GitLab User Settings > Applications
Delete any cursor-named project tokens that were created in affected GitLab projects
Could you share a few details to help us investigate?
About how many projects were affected?
When did you first notice the token creation?
Were any Cloud Agent sessions started on purpose before this happened?
@sergeyv thanks for confirming. Everything looks good on your side now that the revocations are done.
I’ll update this thread when we have progress on a fix.
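For the cleanup step recommended in this thread, one way to enumerate and revoke the cursor-named project tokens through the GitLab REST API (an added example, not Cursor's or GitLab's own tooling). The function names and the `base_url`/`api_token` arguments are assumptions; the API token must be allowed to list and revoke project access tokens on each project.

```python
import json
import urllib.error
import urllib.request

TOKEN_NAME = "cursor"  # token name reported in this thread

def gitlab_api(base_url, api_token):
    """Return call(method, path) bound to one GitLab instance (both arguments are operator-supplied)."""
    def call(method, path):
        req = urllib.request.Request(f"{base_url}/api/v4{path}", method=method,
                                     headers={"PRIVATE-TOKEN": api_token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read()
        return json.loads(body) if body else None  # DELETE answers with an empty body
    return call

def paged(call, path):
    """Yield every item of a paginated GitLab list endpoint."""
    sep, page = ("&" if "?" in path else "?"), 1
    while items := call("GET", f"{path}{sep}per_page=100&page={page}"):
        yield from items
        page += 1

def find_tokens(call, name=TOKEN_NAME):
    """Return (hits, skipped): unrevoked tokens with this name, and projects we could not inspect."""
    hits, skipped = [], []
    for project in paged(call, "/projects?membership=true"):
        try:
            tokens = list(paged(call, f"/projects/{project['id']}/access_tokens"))
        except urllib.error.HTTPError as err:  # e.g. 403 when our role is too low to list tokens
            skipped.append((project["path_with_namespace"], err.code))
            continue
        for tok in tokens:
            if tok["name"] == name and not tok.get("revoked"):
                hits.append({"project": project["path_with_namespace"],
                             "project_id": project["id"], "token_id": tok["id"],
                             "created_at": tok.get("created_at"), "scopes": tok.get("scopes")})
    return hits, skipped

def revoke_tokens(call, hits, dry_run=True):
    """Revoke each hit; with dry_run=True only return the API paths that would be called."""
    paths = [f"/projects/{h['project_id']}/access_tokens/{h['token_id']}" for h in hits]
    if not dry_run:
        for path in paths:
            call("DELETE", path)
    return paths
```

Review the hits and the skipped projects from `find_tokens(gitlab_api(...))` before calling `revoke_tokens(..., dry_run=False)`; skipped projects still need a manual check by someone with a higher role.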
I did start a Cloud Agent session on Jan 30, prior to our DevOps team noticing the PAT explosion. I think there are others at the company who may have, as well. Feb 11th was when the issue was first noticed.
I was only using one repo at the time. An engineer created this list from a scan for the PAT name. It appears to have put itself into 76 repos. I’ve redacted the project names column since this is a public forum, but you can see the creation dates.