Cursor and Chainguard have announced a partnership to address supply chain security risks in AI-generated code. The integration gives Cursor agents access to Chainguard's catalog of over 2,300 hardened container images and millions of Python, JavaScript, and Java library versions built from publicly verifiable sources. Instead of pulling dependencies from public registries like PyPI, npm, or Maven Central — which have been targeted by recent supply chain attacks — Cursor can now route dependency resolution to Chainguard's verified artifact store. Developers can trigger migration using natural language, with Cursor handling credential configuration automatically. Chainguard continuously rebuilds images to maintain a zero-CVE state, often within hours of upstream patches. The partnership targets the core risk of agentic development: AI agents making dependency decisions at machine speed without manual review.