Cursor Rolls Out Agent Sandboxing Across macOS, Linux, and Windows

CursorCursor

· Updated

Cursor rolled out agent sandboxing on macOS, Linux, and Windows - coding agents run freely inside a secure boundary and only interrupt for elevated permissions. Sandboxed agents stop 40% less often, fixing the approval fatigue that breaks parallel agentic coding.

Cursor rolled out agent sandboxing on macOS, Linux, and Windows - a security boundary where coding agents run terminal commands freely inside a controlled environment, only interrupting when they need to step outside it. The sandbox uses platform-native primitives: Seatbelt on macOS, Landlock and seccomp on Linux, and WSL2 on Windows. Each profile is generated dynamically from workspace settings and .cursorignore, protecting git hooks and config files from writes.

The core problem is approval fatigue. Running agents in parallel means constant prompts - developers stop reading them and rubber-stamp everything, defeating the point of oversight. Sandboxed agents stop 40% less often, which matters most in multi-agent workflows. Cursor reports a third of requests on supported platforms now run with sandboxing.

Enable sandboxing in Cursor settings - the agent handles the rest, surfacing constraint violations explicitly so you know when escalation is genuinely required rather than routine.

Cursor
Cursor
@cursor_ai
X

Over the last three months, we've rolled out agent sandboxing on macOS, Linux, and Windows. Sandboxes allow agents to run freely and securely, only requesting approval when they need to step outside it. Here's how we built it: https://t.co/5Tv8enRB5d

52retweets
View on X

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Share this update