Over the last three months, we've rolled out agent sandboxing on macOS, Linux, and Windows. Sandboxes allow agents to run freely and securely, only requesting approval when they need to step outside it. Here's how we built it: https://t.co/5Tv8enRB5d
Cursor Rolls Out Agent Sandboxing Across macOS, Linux, and Windows
· Updated
Cursor rolled out agent sandboxing on macOS, Linux, and Windows - coding agents run freely inside a secure boundary and only interrupt for elevated permissions. Sandboxed agents stop 40% less often, fixing the approval fatigue that breaks parallel agentic coding.
.cursorignore, protecting git hooks and config files from writes.The core problem is approval fatigue. Running agents in parallel means constant prompts - developers stop reading them and rubber-stamp everything, defeating the point of oversight. Sandboxed agents stop 40% less often, which matters most in multi-agent workflows. Cursor reports a third of requests on supported platforms now run with sandboxing.
Enable sandboxing in Cursor settings - the agent handles the rest, surfacing constraint violations explicitly so you know when escalation is genuinely required rather than routine.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

