<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ai-Security on Left 4 More</title><link>https://left4more.com/tags/ai-security/</link><description>Recent content in Ai-Security on Left 4 More</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sat, 02 May 2026 10:00:02 +1000</lastBuildDate><atom:link href="https://left4more.com/tags/ai-security/index.xml" rel="self" type="application/rss+xml"/><item><title>Cursor's Security Mess, Claude's New Effort Levels, and Why Managed Agents Actually Excites Me</title><link>https://left4more.com/posts/cursors-security-mess-claudes-new-effort-levels-an/</link><pubDate>Sat, 02 May 2026 10:00:02 +1000</pubDate><guid>https://left4more.com/posts/cursors-security-mess-claudes-new-effort-levels-an/</guid><description>&lt;p>April was a big month. Possibly too big. Between a critical RCE in Cursor, Anthropic shipping Opus 4.7 with three silent breaking changes, and the &amp;ldquo;ultra prefix&amp;rdquo; commercial model crystallising into something real, there&amp;rsquo;s a lot to unpack. I&amp;rsquo;m going to focus on the three things I can&amp;rsquo;t stop thinking about.&lt;/p>
&lt;hr>
&lt;h2 id="the-cursor-cve-should-have-been-front-page-news">The Cursor CVE Should Have Been Front-Page News&lt;/h2>
&lt;p>Let&amp;rsquo;s start here, because this one genuinely alarmed me.&lt;/p>
&lt;p>CVE-2026-26268 is a CVSS 9.9 remote code execution vulnerability in Cursor versions prior to 2.5. The mechanism is nasty: a malicious actor embeds a bare repository inside a legitimate-looking public repo, with a crafted pre-commit hook. When the Cursor agent runs a &lt;code>git checkout&lt;/code> as part of a routine task — something agents do constantly — that hook fires automatically. No warning, no confirmation prompt, nothing. You just handed someone a shell.&lt;/p></description></item></channel></rss>