By Jordan Polasek · July 6, 2026

There is a new kind of break-in that needs no bad link, no opened attachment, and no wrong click from you or your team. It only needs your AI assistant to read something an attacker left lying around — a web page, a connected app — and quietly do what that hidden text tells it to.

That is exactly what two newly disclosed flaws in a widely used AI coding tool demonstrate. And while the tool itself may not be running in your office, the lesson underneath it is coming for every business that is starting to lean on AI.

## ⚡ The 60-Second Version

>

- What: Two critical flaws (CVE-2026-50548 and CVE-2026-50549, both CVSS 9.8), nicknamed "DuneSlide," in Cursor — a popular AI code editor the maker says is used by more than half the Fortune 500. A hidden instruction planted in a web page or a connected service can hijack Cursor's AI agent, break it out of its safety sandbox, and run commands on the machine — "zero-click," with no action from the user.
- Fix: Update Cursor to version 3.0 or later (released April 2, 2026). Every version before 3.0 is affected.
- By when: Now. The full technical details went public on July 1, 2026.

What actually happened — "prompt injection" grew teeth

Cursor is an AI code editor: a programmer's tool with an AI agent baked in that can read files, search the web, connect to other services, and — crucially — run commands on the computer to get work done.

Researchers at Cato AI Labs found two flaws they named DuneSlide. The attack is what security folks call prompt injection, and here it turns into full remote control of the machine. Here is the plain-English version:

The unsettling part is the phrase zero-click. The user never typed a bad command or approved anything. They just used the tool normally while it read poisoned content in the background. Cato reported the issue back in February; Cursor fixed it in version 3.0 on April 2, and the full write-up became public on July 1.

Why this matters even if you've never heard of Cursor

Most small businesses in El Campo, Houston, or San Antonio aren't running an AI code editor. So why am I spending your time on this?

Because DuneSlide isn't really a story about one product. It's the clearest proof yet of a pattern landing in your world fast:

Any AI tool that both (1) reads untrusted content and (2) can take actions is a new front door.

Think about the AI features showing up everywhere right now — assistants wired into your email, "copilots" in your documents, chatbots plugged into your CRM or help desk, agents that summarize web pages or read incoming files. The moment one of those can do something — send a message, change a setting, move a file — the content it reads becomes a place to hide commands. Industry groups now rank prompt injection as the number one security risk for AI applications, and DuneSlide is what that risk looks like when it lands on a real machine.

The old rules trained your team to be suspicious of what they click. The new rule is that your software is now doing the clicking — and it can be fooled.

The new mindset: an AI agent is only as trusted as everything it reads

You don't need to fear AI to use it safely. You need to treat it like a capable new employee who is a little too eager to please — and set guardrails accordingly:

What this means for your business — this week

1. If anyone on your team uses Cursor, update it to version 3.0 or later today. This is the direct fix. Don't assume it auto-updated — check.

2. Take a quick inventory of the AI tools actually in use. "Shadow AI" — tools employees adopt on their own — is the blind spot here. You can't protect what you don't know is running.

3. Turn off "auto-run" or unattended modes in AI assistants where you can, and review what each connected AI tool is allowed to touch.

4. Fold AI tools into your normal patch routine. DuneSlide was fixed months ago; the businesses at risk are the ones still on old versions. Same story we see with every breach — the update existed, it just wasn't applied.

5. Keep phishing-resistant MFA on the accounts these tools connect to, so a hijacked agent can't quietly ride into your email or cloud storage.

How BVTech helps

For our managed clients, this is already part of the job. We keep an eye on the software running across your business — including the AI tools creeping in — make sure they're patched, and lock down what each one is allowed to do, so a clever bit of hidden text can't turn a helper into a hole. You can see where you stand with our free security scoreboard.

If AI is starting to show up around your business and you're not sure where the risk sits, that's a good conversation to have before something goes wrong, not after. Book a call any time, or read more about our cybersecurity solutions and managed IT services.

AI is going to make our small businesses faster and stronger. Let's just make sure it's working for you — and not quietly taking orders from someone else.

— Jordan Polasek · Founder, BVTech LLC