Connectors · Anysphere Private Preview

Cursor

Rencore monitors Cursor across 22 governance policies, 3 reports, and 10 inventories, detecting cost overruns, unused seats, and MCP server risks automatically.

Code

Published 16 May 2026 For Head of IT, CISO

Cursor is in private preview. Join the waiting list and we will reach out when access opens up.

Join the waiting list

Rencore Cursor governance is a set of 22 policies, 3 reports, 6 segments, and 10 inventories that audit the Cursor AI coding IDE for cost overruns, unused seats, security gaps, and operational risks. It detects members exceeding spend limits, billing groups without budget controls, MCP servers connected to unapproved endpoints, and inactive users consuming paid seats.

57 governance capabilities: 10 inventories · 22 policies · 3 reports · 6 segments · 5 automations · 1 provisioning templates

Why govern Cursor with Rencore

Control AI coding costs

Track spending at the organization, billing group, and individual member level. Policies alert when a user exceeds their cost limit or a billing group spends beyond its monthly budget.
Manage seat utilization

Detect inactive members who haven't used Cursor in 90 days, seats assigned to users deactivated in Entra ID, and billing groups with more seats than active members.
Govern MCP servers and blocklists

Inventory MCP servers connected to Cursor instances and detect servers pointing to unapproved endpoints. Enforce repository blocklists to prevent code generation on restricted repositories.

What Rencore discovers

Rencore automatically inventories these Cursor object types.

Cursor Team

A Cursor team (workspace); the top-level container for members, usage, spend, billing groups, and analytics.
Cursor Member

Individual accounts with access to a Cursor team.
Cursor Billing Group

A Cursor billing group; collection of members sharing a monthly spend limit.
Cursor Audit Log

Audit events recorded by Cursor for a team (member changes, API key events, billing changes, repo blocklist edits).
Cursor Daily Usage

Daily usage rollup per member, including requests, lines, tabs, and model mix.
Cursor Member Spend

Per-member spend for the current billing cycle.
Cursor Repo Blocklist

Repositories blocklisted from Cursor indexing for the team.
Cursor MCP Server

Model Context Protocol servers used by members of a Cursor team.
Cursor Model Usage

Per-model usage analytics for the team (requests, unique users, total cost).
Cursor Client Version

Cursor client versions in use across the team, with platform and usage.

How Cursor governance works in Rencore

Rencore connects to Cursor via the Cursor API and inventories members, billing groups, usage data, spend data, MCP servers, and repository blocklists. Policies run on every scan cycle and flag cost overruns, unused seats, and security issues with severity levels and recommended actions.

The AI coding tool governance gap

Developer teams adopting Cursor face per-seat costs that scale quickly, especially with premium models. Without governance, inactive seats accumulate, individual developers exceed spending limits, and MCP server connections bypass security review. Rencore brings the same governance visibility to AI coding tools that organizations expect for their SaaS platforms.

Who uses Cursor governance

Heads of IT use cost policies to keep AI coding spend within approved budgets. CISOs review MCP server connections and repository blocklists to enforce security boundaries. Engineering leads use adoption reports to measure team productivity gains.

Getting started

Provide Rencore with Cursor API credentials. All 22 policies activate on first scan, covering members, billing groups, usage, and MCP servers. No per-user configuration required.

Policies

22 governance rules that detect violations and risks.

Severity Category

Cursor Privacy Mode is disabled

Detects Cursor teams with Privacy Mode turned off.

High Security
Cursor non-SSO login detected

Detects login events without an SSO marker in their parameters.

High Security
Cursor rogue MCP server

Detects MCP servers whose name does not match the approved allowlist.

High Operation
Cursor member over monthly spend limit

Detects members whose current-cycle spend is above $150.

High Costs
Cursor team near monthly budget

Detects teams whose last-30-days spend is above $4000.

High Costs
Cursor user using disallowed model

Detects use of models not on the approved allowlist.

High Adoption
Cursor member deactivated in Entra ID

Detects Cursor members who are deactivated in the parent Entra ID.

Medium Security
Cursor external guest member

Detects Cursor members that are external users in Entra ID.

Medium Security
Cursor team has too many admins

Detects Cursor teams with more than 5 admins.

Medium Security
Cursor admin API key older than 90 days

Detects admin API keys where the last rotation event is more than 90 days old.

Medium Security
Cursor user API key proliferation

Detects frequent user API key creation events.

Medium Security
Cursor member without spend limit

Detects members with no monthly spend limit configured.

Medium Costs
Cursor inactive seat still billed

Detects Cursor members that have been inactive for 30+ days.

Medium Costs
Cursor removed member with current-cycle usage

Detects mid-cycle member removals that still had usage.

Medium Costs
Cursor excessive BYO-key usage

Detects models predominantly served via user-supplied API keys.

Medium Costs
Cursor high BYOK share

Detects models with substantial BYO-key volume (>500 requests).

Medium Adoption
Cursor outdated client version

Detects Cursor client versions known to be more than 2 versions behind.

Low Operation
Cursor unused billing group

Detects Cursor billing groups that have zero members.

Low Sprawl
Cursor high-spend member

Detects members with current-cycle spend above $300.

Low Costs
Cursor orphaned repo blocklist entry

Detects repo blocklist entries older than 90 days.

Low Sprawl
Cursor member never activated

Detects members that joined more than 30 days ago and never became active.

Low Sprawl
Cursor duplicate billing groups

Detects billing groups likely to be duplicates of an existing group.

Low Sprawl

Need a rule that isn't listed? Rencore's Policy Builder lets you create custom policies tailored to your organization. Learn more about the Policy Builder

Reports

3 analytics views and dashboards.

Cursor monthly spend by member

Top 10 members by current-cycle spend.

Bar Chart · Costs
Cursor weekly active users

Distinct active members per week over the last year.

Line Chart · Operation
Cursor model mix; last 30 days

Distribution of requests across models in the last 30 days.

Donut Chart · Operation

Automations

5 automated remediation workflows.

Remove Cursor Member

Automatically removes a member from the Cursor team after approval
Set Cursor User Spend Limit

Automatically sets a per-user monthly spend limit on a Cursor member after approval
Delete Cursor Billing Group

Automatically deletes a Cursor billing group after approval
Update Cursor Billing Group

Automatically updates the spend limit on a Cursor billing group after approval
Delete Cursor Repo Blocklist Entry

Automatically removes a repo from the Cursor blocklist after approval

Segments

6 data groupings for targeted filtering.

Inactive Cursor members

Members that have not been active in the last 30 days.
Cursor team admins

Members with admin role on the Cursor team.
External guest Cursor members

Cursor members linked to external/guest Entra ID accounts.
Cursor members without spend limit

Members without a per-user monthly spend limit configured (Enterprise tier only).
Cursor members with high current-cycle spend

Members whose current-cycle spend exceeds $200.
Cursor BYO-key models

Models predominantly served via user-supplied API keys.

Provisioning Templates

1 resource creation templates.

Create Cursor billing group with approval

Request a new Cursor billing group with approval of your manager

Frequently asked questions

Does Rencore support governance for AI tools beyond Microsoft Copilot?

Yes. Rencore connects to Claude, OpenAI, Gemini, GitHub Copilot, Cursor, Windsurf, AWS Bedrock, Azure AI Foundry, and other AI platforms. Each connector provides tailored policies for cost management, security, adoption tracking, and access control, giving IT a unified governance view across all AI tools the organization uses.

What is Rencore governance?

Rencore governance is a SaaS platform that continuously monitors your Microsoft 365 tenant for policy violations, configuration drift, and security risks across SharePoint, Teams, Power Platform, Copilot, and AI Agents. It automates compliance evidence collection, surfaces oversharing and sprawl, and provides actionable remediation workflows, reducing manual audit effort by up to 80%.

How do Rencore policies work?

Rencore ships with hundreds of pre-built policies that detect governance violations across every connector, oversharing, sprawl, cost overruns, security risks, and compliance gaps. Policies run on a continuous schedule, evaluate each discovered object against configurable rules, and flag violations with severity (High, Medium, Low), category, and a recommended action.

Trusted by