Thursday, December 11, 2025


Major cost control flaw lets Cursor users lift spending caps to 1 million

A new report describes a serious access-control flaw in Cursor, an AI-powered coding platform built on a popular code editor and widely used by developers who lean heavily on AI assistance ("vibe coders"). The issue came to light when a newly hired employee at a security company found that Cursor's integration with AWS Bedrock allowed non-admin users to raise the organization's spending limit to more than 1 million without any approval step or alert. AWS Bedrock is a managed service that exposes a single API for foundation AI models such as Amazon Titan, Anthropic Claude and Meta Llama.

The discovery was made after a new developer unintentionally exhausted the team's monthly Cursor budget within a few hours. According to the report, “When he got notified of exceeding the limit, he wandered off to his user settings and found out he could simply change the organization’s budget limitations (to over 1M!) even though he wasn’t the admin. The admin received no notification.” The investigation found at least three major issues inside Cursor: spending caps were not mandatory, cost visibility lagged by hours or days, and access controls let regular users change organization-wide billing settings.

Researchers said the flaw exposed many organizations to a silent and “catastrophic budget drain.” Because non-admin users could modify spending restrictions, an attacker holding a leaked API token could likewise exploit the gap to run unlimited AI workloads. The report stated, “Any team member can edit spending limits without admin approval,” and added that a non-admin user could set caps to more than 1,000,000 and save the change without any check in place.

Security teams believe the problem reflects a wider challenge in AI platforms, where ease of use is often placed above strong protection. They warned that cloud bills could climb into the millions before any alert is triggered, and that attackers could automate searches for leaked API tokens and burn through AI quotas quickly. The security firm whose report uncovered the vulnerability in Cursor said, “Organizations using these platforms should immediately review billing settings, enable admin only controls, and implement spending caps. We notified both vendors on December 3rd to 4th 2024, and are awaiting responses.”
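The pattern the report describes is a missing authorization check on an organization-wide setting: membership in the org is treated as sufficient to change its budget. The following is an added illustration, not code from Cursor, AWS, or the security firm's report; it models a hypothetical budget-update handler in the permissive form beside a hardened one that applies the firm's three recommendations (admin-only changes, an enforced cap, and an alert to admins). The user names, e-mail addresses, and the 50,000 platform ceiling are assumptions made up for the example.

```python
"""Hypothetical budget-limit handler: permissive pattern beside a hardened one.
Added illustration only; not the code of any real platform."""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    ADMIN = "admin"
    MEMBER = "member"


@dataclass
class User:
    user_id: str
    org_id: str
    role: Role


@dataclass
class Org:
    org_id: str
    monthly_limit_usd: int
    admin_emails: list[str]
    spent_usd: int = 0
    audit_log: list[str] = field(default_factory=list)
    notifications: list[str] = field(default_factory=list)


# Assumed platform-wide ceiling: no org may raise its cap above this, whoever asks.
PLATFORM_MAX_LIMIT_USD = 50_000


class AuthorizationError(PermissionError):
    pass


def update_limit_permissive(org: Org, actor: User, new_limit: int) -> int:
    """Weak pattern matching the report's description: org membership is the
    only check, so a regular member can set any value with no alert or audit."""
    if actor.org_id != org.org_id:
        raise AuthorizationError("actor is not a member of this organization")
    org.monthly_limit_usd = new_limit
    return org.monthly_limit_usd


def update_limit_hardened(org: Org, actor: User, new_limit: int) -> int:
    """Admin-only change, bounded by the platform ceiling, audited, and
    announced to every org admin (the notification the report says was missing)."""
    if actor.org_id != org.org_id:
        raise AuthorizationError("actor is not a member of this organization")
    if actor.role is not Role.ADMIN:
        org.audit_log.append(f"DENIED limit change by {actor.user_id} (role={actor.role.value})")
        raise AuthorizationError("only organization admins may change spending limits")
    if not 0 < new_limit <= PLATFORM_MAX_LIMIT_USD:
        raise ValueError(f"limit must be between 1 and {PLATFORM_MAX_LIMIT_USD} USD")
    old = org.monthly_limit_usd
    org.monthly_limit_usd = new_limit
    org.audit_log.append(f"limit changed {old} -> {new_limit} by {actor.user_id}")
    for email in org.admin_emails:
        org.notifications.append(
            f"to={email}: spending limit changed {old} -> {new_limit} by {actor.user_id}"
        )
    return org.monthly_limit_usd


def charge(org: Org, cost_usd: int) -> bool:
    """Enforce the cap at request time: refuse work that would exceed the limit
    instead of discovering the overrun on a bill hours or days later."""
    if org.spent_usd + cost_usd > org.monthly_limit_usd:
        org.audit_log.append(f"REFUSED request costing {cost_usd}: cap is {org.monthly_limit_usd}")
        return False
    org.spent_usd += cost_usd
    return True


def demo() -> dict:
    """Constructed scenario: a non-admin member tries to lift the cap to over 1M."""
    admin = User("alice", "org-1", Role.ADMIN)
    member = User("bob", "org-1", Role.MEMBER)

    weak = Org("org-1", monthly_limit_usd=500, admin_emails=["alice@example.com"])
    permissive_result = update_limit_permissive(weak, member, 1_000_001)

    strong = Org("org-1", monthly_limit_usd=500,
                 admin_emails=["alice@example.com", "ops@example.com"])
    try:
        update_limit_hardened(strong, member, 1_000_001)
        member_blocked = False
    except AuthorizationError:
        member_blocked = True
    try:
        update_limit_hardened(strong, admin, 1_000_001)
        ceiling_enforced = False
    except ValueError:
        ceiling_enforced = True
    admin_result = update_limit_hardened(strong, admin, 2_000)
    charges = [charge(strong, 1_500), charge(strong, 600)]  # second one exceeds the cap
    return {
        "permissive_limit": permissive_result,      # 1000001: member lifted the cap silently
        "weak_notifications": len(weak.notifications),  # 0
        "member_blocked": member_blocked,           # True
        "ceiling_enforced": ceiling_enforced,       # True
        "admin_limit": admin_result,                # 2000
        "admins_notified": len(strong.notifications),  # 2
        "charges": charges,                         # [True, False]
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the role check, the ceiling and the notification all live in the same server-side handler; a client-side disabled field is no control, and the request-time `charge` check is what turns a cap from a delayed dashboard number into a hard stop.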
