From Code to Agents: Proactively Securing AI-Native Apps with Cursor and Snyk

The rapid adoption of AI agents for development is creating a critical security gap. We are moving from predictable logic, deterministic code paths, and human-driven workflows to non-deterministic agents that reason, plan, and act autonomously using large language models across the broader software development lifecycle. As enterprises adopt these autonomous AI agents, the core challenge isn’t just the new risks and attack vectors; it’s a loss of runtime control. These agents are now deciding which tools to call, what commands to execute, and automating how the data moves, all in real time.

This requires a new security guard at runtime and enforcement that can block unsafe tools, prevent data exfiltration, and uphold policy without slowing teams down. This marks a fundamentally new security territory for protecting autonomous behavior with runtime governance and enforcement beyond visibility alone.

Developers rely on agents to manage increasingly complex codebases and dependencies, but two major risks remain unaddressed: First, the agent itself is built upon a hidden third-party software supply chain (MCP servers, libraries, models, and dependencies) that may contain serious security vulnerabilities. Second, the agent's ability to act autonomously at runtime (e.g., executing shell commands, calling APIs, or MCP Servers) introduces uncontrolled risks, often bypassing traditional security controls and leading to compliance violations or the exposure to sensitive data. This lack of visibility and control has left security teams behind and trying to catch up, so AI innovation can continue to flourish.

To address these challenges, we are announcing Evo Agent Guard for Cursor integration to control and enforce policies that dictate the actions of these autonomous agents at runtime. This creates enforcement within the execution loop, building control policies that protect the agent’s action from contributing to dangerous behavior like PII leakage or toxic flows.

Evo Agent Guard for Cursor: Securing the agent lifecycle from creation to execution

Agents rely on third-party dependencies, execute commands at runtime, and connect dynamically to MCP tools and servers. Without embedded safeguards, these capabilities can lead to vulnerabilities, data leaks, or unintended policy violations.

This new integration between Cursor Hooks and Evo Agent Guard tackles these challenges holistically, securing the agent from the moment it’s created through its runtime operation. By embedding security into the agent lifecycle, organizations can confidently adopt AI-driven workflows, accelerating development without sacrificing visibility or control. In this context, Evo operates as a runtime sidecar alongside the agent, sitting directly in the execution path rather than observing from the outside. Because it sees agent decisions as they happen, Evo can block, modify, or constrain actions before they complete, from shell execution and tool calls to MCP responses and data exfiltration.

This is the critical distinction from post-hoc detection or tracing tools. Evo doesn’t just explain what an agent did after the fact; it decides what the agent is allowed to do in real time, restoring human control over autonomous systems without slowing them down. There are two main use cases for this integration: the first focuses on ensuring the agent supply chain is secure prior to deployment, while the second is focused on securing the agent's behavior and actions at runtime.

1. Pre-deployment scanning: Establishing agent trust

Every AI agent is built on a network of third-party components, libraries, models, containers, and MCP servers, which form its hidden supply chain. To eliminate risk before an agent takes any action, the Cursor Hooks integration with Evo establishes trust at the earliest possible moment.

Once a developer installs Cursor, the integration automatically triggers Evo MCP Scan of the underlying infrastructure, including MCP Servers and tools, including:

• Dependencies and packages

• Container images and associated metadata

• MCP server manifests and plugin descriptors

If critical vulnerabilities, malicious MCP servers, toxic flows, or poisoned tools are detected, the agent is prevented from running until the issues are resolved. This approach shifts security from reactive enforcement to proactive trust establishment, ensuring agents enter the environment with a secure foundation before they write code, invoke tools, or execute commands.

2. Applying runtime control policies

Evo Agent Guard now integrates with Cursor Hooks to establish and enforce runtime controls directly within the agent’s execution environment. This provides real-time prevention and controls to mitigate risks associated with the agent’s actions, ensuring the agent operates within defined safety and compliance parameters at runtime. Snyk can discover and prevent dangerous agentic behaviors such as PII, secret leakage, prompt injection, and toxic flows.

Once deployed, agents can act autonomously in dynamic environments, which introduces runtime risk that must be continuously enforced. Evo enforces real-time guardrails, ensuring that agents operate safely even when performing complex or unpredictable actions.

Evo Agent Guard continuously enforces and blocks:

• Malicious shell commands, network calls, and MCP tool invocations

• Prompts, responses, and tool outputs

A hybrid engine, combining deterministic rules with custom ML detectors, can alert, block, sanitize, or quarantine unsafe behaviors in real time, including:

• Exposure of sensitive data such as PII or secrets

• Indirect prompt injection attempts

• Misuse of tools or unsafe chain executions

This approach provides organizations with full visibility, governance, and enforcement across the agent lifecycle, reducing risk while allowing AI-driven workflows to scale safely.

Key use cases for AI-native application security:

1. PII detection

2. Blocking data exfiltration

3. Secrets protection

If a developer pastes a secret or token into a prompt, Evo Agent Guard can prevent it from ever reaching the model provider. The system can either strip the secret or block the action entirely, reducing the risk of exposure.

4. MCP tool filtering

When agents call MCP-connected tools, Evo Agent Guard scans both the call and the tool output. Unsafe tool outputs (e.g., injected prompts or malicious responses) can be blocked or sanitized before reaching the agent, preventing indirect prompt injection.

5. Toxic flow mapping

Evo Agent Guard reconstructs the agent’s full trace from prompts to tool outputs, toxic flows, PII, secrets, and indirect injection.

Setting a new security standard

These new integrations are significant because they are helping to establish a new industry standard for securing the AI software development lifecycle. Cursor, combined with Snyk, now provides a full lifecycle security architecture for AI agents:

• Secure at inception: Snyk scans code before deployment into the repo.

• Governed at runtime: Evo Agent Guard enforces guardrails and blocks unsafe actions

Together, Cursor and Evo Agent Guard provide organizations with unprecedented control and visibility over AI agents as they move from experimentation to production. Security teams can clearly enforce what agents are actually doing in real time, including actions like shell execution, network calls, and MCP tool usage, providing the first true posture view of agent behavior across the organization. Evo goes beyond visibility by automating runtime risk prevention, enforcing security policies that detect and block dangerous behaviors such as PII leakage, indirect prompt injection, and toxic data flows before they become incidents.

At the same time, Evo can establish trust at the foundation by creating an inventory and risk assessment of the agent supply chain, automatically scanning MCP servers and agent dependencies before deployment to secure the agent’s underlying infrastructure. The result is end-to-end protection. Agents that are understood, governed, and secured both before they run and while they act autonomously.

The Evo Agent Guard for Cursor is currently being built with security-sensitive design partners running Cursor agents in production. Interested in learning more about the Private Beta requirements? Fill out the form here.