cursor icon indicating copy to clipboard operation
cursor copied to clipboard
verified publisher icon getcursor

Critical Security Bug: AI Agent Deletes Files Despite Delete File Protection Being Enabled

Open Turkmen87 opened this issue 11 months ago • 1 comments

Bug Description

The AI Agent is able to delete files even when "Delete File Protection" is enabled in settings. This is a critical security issue that can lead to irreversible data loss.

Steps to Reproduce

  1. Enable "Delete File Protection" in Cursor settings
  2. Ask the AI to modify multiple files
  3. Observe that the AI deletes existing files and attempts to recreate them, instead of modifying them in place
  4. Files are permanently deleted despite Delete File Protection being enabled

Expected Behavior

  • When Delete File Protection is enabled, the AI should not be able to delete any files
  • AI should modify files in place instead of using delete-and-recreate approach
  • Any file deletion attempt should be blocked
  • User should be warned about any deletion attempts

Actual Behavior

  • AI can delete files even with Delete File Protection enabled
  • No warning or confirmation is shown before deletion
  • Multiple files can be deleted in batch
  • Deleted files cannot be recovered
  • AI uses a delete-and-recreate approach instead of in-place modification

Impact

  • Permanent loss of user code and data
  • Project integrity compromise
  • Loss of work progress
  • No way to recover deleted files if not previously committed to version control

Environment

  • Cursor IDE
  • Delete File Protection: Enabled
  • MCP Tools Protection: Disabled

Additional Notes

This is a critical security issue as it bypasses an explicit security setting meant to prevent file deletion. The AI should respect the Delete File Protection setting and never delete files when this protection is enabled.

Severity

Critical - Data loss security issue

Suggested Fix

  1. Enforce Delete File Protection at the system level
  2. Prevent AI from using delete-and-recreate approach when modifying files
  3. Add confirmation dialogs for any file modification operations
  4. Implement file operation logging
  5. Add recovery mechanism for modified files

Turkmen87 avatar Mar 20 '25 14:03 Turkmen87

I experience something similar. Often when running agent mode, cursor will somehow modify all my files so that git marks all my files as deleted and readded

oshoura avatar Apr 26 '25 03:04 oshoura

I recently updated cursor and the option was turned off for me I don't know why. Suddenly, it started deleting tests to clean up the codebase. I think these defaults need to be set on max security and the user relaxes them if he/she is willing to run the risks. Not the other way around

luisroque avatar Jul 31 '25 17:07 luisroque

I have experienced the same. The file protection rule is enabled, still the agent was able to delete that file by interpreting a "proceed" command on a previous task to be allowed to delete that file. The agent allowlist does not include the "rm" command.

FritzMatthaeus avatar Dec 09 '25 09:12 FritzMatthaeus