Researchers from Check Point discovered a critical remote code execution vulnerability dubbed "MCPoison" in the Cursor AI coding tool, allowing attackers to alter approved Model Context Protocol (MCP) configurations to inject malicious commands. Cursor has since released an update to address the flaw, requiring user approval for any modifications to MCP Server entries, but the incident raises concerns about trust in AI-assisted development environments. Further vulnerabilities in AI platforms are expected to be reported by Check Point.