Cursor Rolls Out Agent Sandboxing Across macOS, Linux, and Windows

Feb 19, 2026 · Updated Apr 25, 2026

Cursor rolled out agent sandboxing on macOS, Linux, and Windows - a security boundary where coding agents run terminal commands freely inside a controlled environment, only interrupting when they need to step outside it. The sandbox uses platform-native primitives: Seatbelt on macOS, Landlock and seccomp on Linux, and WSL2 on Windows. Each profile is generated dynamically from workspace settings and .cursorignore, protecting git hooks and config files from writes.

The core problem is approval fatigue. Running agents in parallel means constant prompts - developers stop reading them and rubber-stamp everything, defeating the point of oversight. Sandboxed agents stop 40% less often, which matters most in multi-agent workflows. Cursor reports a third of requests on supported platforms now run with sandboxing.

Enable sandboxing in Cursor settings - the agent handles the rest, surfacing constraint violations explicitly so you know when escalation is genuinely required rather than routine.

View the full update on cursor.com

Cursor

@cursor_aiFeb 19

Over the last three months, we've rolled out agent sandboxing on macOS, Linux, and Windows. Sandboxes allow agents to run freely and securely, only requesting approval when they need to step outside it. Here's how we built it: https://t.co/5Tv8enRB5d

View on X

Keep reading

Cursor Reduces Desktop Application Memory Crashes by 80 Percent via Agentic Engineering

Cursor Publishes CursorBench, Its Internal Agentic Coding Evaluation Methodology

OpenAIMar 15

Keep reading

Cursor Reduces Desktop Application Memory Crashes by 80 Percent via Agentic Engineering

Cursor Publishes CursorBench, Its Internal Agentic Coding Evaluation Methodology

Keep reading

Cursor Reduces Desktop Application Memory Crashes by 80 Percent via Agentic Engineering

Cursor Publishes CursorBench, Its Internal Agentic Coding Evaluation Methodology