Industry Newscursorvscodeagentstasks json

Cursor Exploit Reprograms Developers' AI Agents

|January 25, 2026

8.1

Relevance Score

Cursor Exploit Reprograms Developers' AI Agents — Photo: ike.io · rights & takedowns

A proof-of-concept published yesterday demonstrates a VSCode/Cursor tasks.json exploit that runs code when a folder is opened, silently injecting rule files into .cursor/rules. The PoC (published on GitHub by user 'ike' and reported by Oasis) shows attackers can force AI agents to change behavior (for example, respond only in Spanish) and hide files with .vscode settings and .gitignore entries. This enables persistent, distributed manipulation across repositories.

Scoring Rationale

High practical impact with a reproducible PoC, limited by single-source public disclosure and tool-specific scope.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

Cursor Exploit Reprograms Developers' AI Agents

Scoring Rationale

More AI & Data Science News

Reese Witherspoon Highlights Women's Lower AI Use

Spotify Adds AI Audiobook Creation to Publishing Workflow

IKS Health Acquires ARAI Solutions to Expand AI Capabilities

Google Launches May Core Update, Expands AI Search

Cursor Exploit Reprograms Developers' AI Agents

Scoring Rationale

More AI & Data Science News

Reese Witherspoon Highlights Women's Lower AI Use

Spotify Adds AI Audiobook Creation to Publishing Workflow

IKS Health Acquires ARAI Solutions to Expand AI Capabilities

Google Launches May Core Update, Expands AI Search