Cursor apps were the cleanest we scanned in our 100-app study — but "cleanest" still meant 18% had critical issues and 64% had high-severity ones. Cursor gives you more control, which helps. It also means the gaps are subtler and easier to miss when you read your own code.
Cursor users are typically more technical than users of no-code platforms. The code quality is higher. But AI-assisted development introduces a specific class of risk: the AI suggests patterns that look correct in isolation but create security gaps in the full application context.
Cursor often builds Next.js apps where the login check only runs in one place — middleware. That pattern was directly broken by CVE-2025-29927: a single HTTP header bypassed every middleware check — auth, rate limiting, and the browser-side guardrails (CSP).
CVE-2025-29927 affected every Next.js version from 11.x through 15.x with a CVSS score of 9.1 (Critical). The mitigation is defense in depth: verify the session in every route handler and server component rather than relying on middleware alone.
Cursor suggests packages based on its training data. Some of those suggestions are outdated versions with publicly known bugs. The AI does not check whether a package has a published advisory before recommending it.
This is an inherited risk — the bug lives in a dependency, not in your code. But your app is the one that gets hit. `npm audit` catches the obvious cases, but transitive dependencies often slip through.
Cursor writes code one completion at a time. Each suggestion is locally fine but may leave gaps in the broader picture — SQL built with string concatenation (the door to SQL injection), login checks that only run in the browser, or APIs open to any origin.
In our study, 33% of vibe-coded apps had SQL or NoSQL injection points. The rate was lower in apps using ORMs like Prisma or Drizzle, but Cursor sometimes writes raw SQL when asked for specific queries.
Cursor-built apps often deploy without the headers that block injected scripts (CSP), stop clickjacking, or force HTTPS. The AI writes application logic but rarely touches the deployment config.
47% of the 100 apps we tested were missing these basic headers. Cursor apps got some help from Vercel defaults when hosted there, but many Cursor projects deploy elsewhere without them.
With platforms like Lovable, the security gaps are systematic and obvious — RLS is off on every table. With Cursor, the issues are more nuanced. Each AI-generated code completion is locally reasonable. The vulnerability emerges from the interaction between components that were generated separately.
For example, Cursor might generate a middleware.ts file that correctly checks authentication. It might also generate an API route that fetches user data. Both look fine in isolation. But if the API route does not independently verify auth — relying entirely on middleware — then any middleware bypass (like CVE-2025-29927) gives unauthenticated access to all user data.
Similarly, Cursor might suggest a Prisma query that is safe against injection, but when you ask it for a custom SQL query, it generates string concatenation instead of parameterized queries. The AI optimizes for the immediate context, not the security posture of the whole application. That is why automated scanning catches things that code review misses — it tests the running app, not individual files.
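The middleware-only route described above, as an added example that is not part of the original page or Flowpatrol's own code: the same profile handler written once to trust middleware and once to re-check the session itself, run through a simulated pipeline with the middleware check skipped. The USERS and SESSIONS tables, the `session` cookie name and the `userId` query parameter are constructed assumptions.

```typescript
// Added example, not Flowpatrol's or Cursor's code. Uses the Web-standard Request/Response
// objects that Next.js route handlers receive and return (global in Node 18+).
// Constructed data: USERS stands in for a database, SESSIONS for real session validation
// (a real app would verify a signed cookie or JWT instead).
type Session = { userId: string };

const USERS: Record<string, { email: string }> = {
  u_1: { email: "alice@example.com" },
  u_2: { email: "bob@example.com" },
};
const SESSIONS: Record<string, Session> = { sess_alice: { userId: "u_1" } };

// Resolve the caller's session from the request itself; no dependency on middleware.
function getSession(request: Request): Session | null {
  const cookie = request.headers.get("cookie") ?? "";
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookie);
  return match ? SESSIONS[match[1]] ?? null : null;
}

function requestedUserId(request: Request): string {
  return new URL(request.url).searchParams.get("userId") ?? "";
}

// Middleware-only pattern: the handler assumes middleware already rejected anonymous
// callers and returns whichever userId the client asked for.
function profileMiddlewareOnly(request: Request): Response {
  const user = USERS[requestedUserId(request)];
  return user ? new Response(JSON.stringify(user), { status: 200 }) : new Response("Not found", { status: 404 });
}

// Defense in depth: the handler re-verifies the session and checks ownership before reading data.
function profileHardened(request: Request): Response {
  const session = getSession(request);
  if (!session) return new Response("Unauthorized", { status: 401 });
  const id = requestedUserId(request);
  if (id !== session.userId) return new Response("Forbidden", { status: 403 });
  const user = USERS[id];
  return user ? new Response(JSON.stringify(user), { status: 200 }) : new Response("Not found", { status: 404 });
}

// Simulated request pipeline. `middlewareBypassed` models a bypass such as CVE-2025-29927,
// where the middleware auth check never runs for a request.
function serve(handler: (r: Request) => Response, request: Request, middlewareBypassed: boolean): Response {
  if (!middlewareBypassed && !getSession(request)) {
    return new Response("Unauthorized", { status: 401 });
  }
  return handler(request);
}
```

In a real `app/api/profile/route.ts` the hardened function would be exported as `GET`; the point is that it returns 401 on its own even when the middleware layer never ran.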
Flowpatrol tests the running application, not just the code. It catches the gaps that emerge when individually correct components interact insecurely.
Verifies authentication is enforced in route handlers and server components, not just middleware. Catches single-layer auth that CVE-2025-29927 exposed as insufficient.
Probes API endpoints with crafted inputs to detect SQL injection, XSS, SSRF, and other injection vulnerabilities that safe-looking code can still produce.
Scans for exposed secrets, misconfigured headers, dependency vulnerabilities, and framework-specific issues across your entire deployed application.
How the same BaaS default shipped to production in Moltbook, Tea, Cal AI, and Quittr.
How one HTTP header bypassed all middleware auth in Next.js — the framework most Cursor apps use.
Why AI models generate injection-vulnerable queries and what safe patterns look like.
How AI generates working CRUD endpoints that miss the ownership check attackers exploit.
Cursor gave you a head start. A five-minute scan tells you what to fix before you launch.