SDK

Headless Agents. In your stack. Reachable from any webhook.

Cursor's SDK brings flexible AI automation to your entire stack. Call agents from webhooks, scheduled jobs, SOAR playbooks, or Slack commands. Open the interactive demo to build an agentic workflow with Cursor's SDK.

1. Pick your tools

8 security tools in the palette: GitGuardian, Wiz, Snyk, CrowdStrike, Okta, Splunk, Zscaler, Vanta. Pick an event each one fires.

2. Compose the response

14 actions across containment, remediation, and audit. The action list orders itself containment-first, the way a real responder works.

3. Run the SDK

The TypeScript code on the right updates as you click. Hit Run to watch it execute across 6+ MCPs in under a minute, with full audit trail.

Why security teams trust this motion

Guardrails baked into the SDK contract.

Containment first

The agent rotates, revokes, or quarantines before touching code. Code edits only run after the threat is contained.

Never auto-merge

Agents propose PRs; reviewers ship them. History-purge PRs always remain draft until a human approves.

Scoped MCP credentials

Each MCP gets the least-privilege token for its job. Tokens never leave your VPC.

SDK-grade audit trail

Every SDK + MCP call shows up in the run trace. Index it in Splunk, attach it to the PR.

Composable, not all-or-nothing

Each automation is a small webhook handler in your repo. Roll out one workflow at a time.

For the security AE

Why this lands with a CISO and a platform-engineering lead at the same time.

  • CISO: Every detection in every tool ends in a contained incident with audit-grade evidence the auditor will accept. MTTR collapses from hours to seconds.
  • Platform engineering: The SDK ships as a small, ordinary Node webhook handler in their existing repo. They index the run events in Splunk. They version-control the agent prompt alongside application code.
  • Security partners: GitGuardian, Wiz, Snyk, CrowdStrike, Okta and others stop at "we found something". Cursor is the integration that takes them to "and we fixed it", programmable from any of their existing webhook surfaces.