Is Cursor Safe? I Scanned 100 Apps. 67% Had Critical Vulns.

via Dev.to Webdev · Tomer goldstein

so I've been building ShipSafe — security scanner for AI-generated code — and a few weeks ago I got curious. like, actually curious. not "I wonder if AI code has bugs" curious, more like "how bad is it really and am I just being paranoid" curious.

I grabbed 100 Cursor-built repos off GitHub. not tutorials, not demo apps. real production stuff — SaaS tools, internal dashboards, a couple e-commerce stores, bunch of API backends. found them by searching for .cursorrules files and Cursor-style commit patterns. then I scanned all of them with ShipSafe.

67%. sixty-seven percent had at least one critical vulnerability. the worst app had 14 separate issues. fourteen. average was 3.2 per app. ngl I expected some problems but not... that.

% of apps:
had a critical vuln: 67%
IDOR: 43%
inverted auth: 31%
frontend-only admin checks: 28%
hardcoded secrets: 22%

this tracks with Stanford research that found ~45% of AI-assisted code has vulns. our numbers are worse, probably bc we only looked at shipped prod
