Lead

A security scanner called Sieve has revealed that Cursor, a popular AI coding assistant, stores OpenAI API keys in a plaintext SQLite database on users’ machines. The discovery raises concerns about credential exposure for developers who rely on Cursor’s integration with OpenAI.

Background

Cursor is an AI-powered coding tool that integrates with OpenAI’s API to provide code suggestions and completions. Developers typically keep their OpenAI key in a .env file, a plain-text file of KEY=value environment variables that is loaded at startup and, by convention, kept out of version control. Many AI coding tools, including Cursor, Claude Code, Copilot, and Cline, read these .env files to load API keys during operation, so a key that was deliberately confined to one file can end up copied into the tool’s own state.

What Happened

According to a Hacker News post, a user was setting up an OpenAI integration in Cursor. The tool automatically read the user’s .env file, added the key to its configuration, and the integration worked as expected. However, the key was also written to a plaintext SQLite database located at ~/Library/Application Support/Cursor/User/workspaceStorage/…. The database is not encrypted and is protected only by ordinary file permissions, so any process or person with read access to that file, for example other software running under the same user account, a backup, or a copied home directory, can recover the key without any further privilege. The copy also survives after the key is removed from the .env file, unless the workspace storage is cleaned up as well.

Sieve, a scanner designed to detect leaked API keys, flagged the key’s presence in the SQLite file. Because the database sits outside the project directory and is not something a developer normally opens, the copy is easy to overlook and can be exposed if the file is read by malicious software or inadvertently shared.
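To check for the same kind of exposure on a machine, the following script is an added example (it is not Sieve’s or Cursor’s code) that walks a directory, opens every SQLite file it finds, enumerates tables from sqlite_master rather than assuming any particular schema, and reports cells containing OpenAI-shaped keys in redacted form. The key regex, the `sk-`/`sk-proj-` prefix, and the `ItemTable` layout of the constructed sample database are assumptions made for the example; pointing the script at the Cursor workspaceStorage directory named above is the intended real use.

```python
"""Schema-agnostic scan of SQLite files for OpenAI-style API keys.

Added example, not Sieve's or Cursor's code. Every table in every SQLite
file under a directory is read, every text/blob cell is regex-scanned, and
matches are reported with the secret redacted so the report itself does
not become a second leak.
"""
import os
import re
import sqlite3
import sys
import tempfile
from typing import Optional

# Assumption: OpenAI keys start with "sk-" (optionally "sk-proj-") followed
# by a long run of URL-safe characters. Adjust for other providers.
OPENAI_KEY_RE = re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}\b")


def redact(secret: str) -> str:
    """Keep the prefix and last 4 characters so a finding can be logged safely."""
    return secret[:7] + "..." + secret[-4:] if len(secret) > 11 else "***"


def _cell_text(value) -> Optional[str]:
    """Return the cell as text if it is TEXT or BLOB, else None (ints, NULLs...)."""
    if isinstance(value, str):
        return value
    if isinstance(value, (bytes, memoryview)):
        return bytes(value).decode("utf-8", errors="ignore")
    return None


def is_sqlite_file(path: str) -> bool:
    """Identify SQLite files by magic header, not by extension (state.vscdb, .db, ...)."""
    try:
        with open(path, "rb") as f:
            return f.read(16) == b"SQLite format 3\x00"
    except OSError:
        return False


def scan_sqlite_file(path: str) -> list:
    """One finding per (table, column, row) cell that contains a key-shaped string."""
    findings = []
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)  # read-only, never modify evidence
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'  # names come from sqlite_master
            try:
                cur = conn.execute(f"SELECT rowid, * FROM {quoted}")
            except sqlite3.OperationalError:  # WITHOUT ROWID tables have no rowid
                cur = conn.execute(f"SELECT NULL, * FROM {quoted}")
            cols = [d[0] for d in cur.description]
            for row in cur:
                for col, value in zip(cols[1:], row[1:]):
                    text = _cell_text(value)
                    if text is None:
                        continue
                    for m in OPENAI_KEY_RE.finditer(text):
                        findings.append({"file": path, "table": table, "column": col,
                                         "rowid": row[0], "key": redact(m.group(0))})
    finally:
        conn.close()
    return findings


def scan_directory(root: str) -> list:
    """Recursively scan every SQLite file below root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_sqlite_file(path):
                findings.extend(scan_sqlite_file(path))
    return findings


def build_sample_db(path: str) -> None:
    """Constructed sample: a generic key/value table holding a FAKE key inside a
    JSON value, alongside an unrelated setting. Not a real credential."""
    fake_key = "sk-" + "A" * 48
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE ItemTable (key TEXT, value BLOB)")
    conn.execute("INSERT INTO ItemTable VALUES (?, ?)",
                 ("openai.apiKey", ('{"apiKey":"%s"}' % fake_key).encode()))
    conn.execute("INSERT INTO ItemTable VALUES (?, ?)", ("editor.fontSize", b"14"))
    conn.commit()
    conn.close()


def demo() -> list:
    """Build the constructed sample in a temp dir and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_db(os.path.join(d, "sample.db"))
        with open(os.path.join(d, "notes.txt"), "w") as f:
            f.write("sk-" + "B" * 40)  # plain text file: out of scope for this scanner
        return scan_directory(d)


if __name__ == "__main__":
    # Usage: python scan_sqlite_keys.py "~/Library/Application Support/Cursor/User/workspaceStorage"
    root = os.path.expanduser(sys.argv[1]) if len(sys.argv) > 1 else None
    for hit in (scan_directory(root) if root else demo()):
        print(hit)
```

Running it with no argument scans the constructed sample and reports the redacted finding; running it against a real workspaceStorage directory lists each file, table and column in which a key-shaped value appears, which is the information needed to decide whether a key must be rotated.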

Market & Industry Implications

While the source material does not provide quantitative data, the incident underscores a broader issue in the AI coding tool market: the handling of sensitive credentials. Developers who use tools that automatically ingest .env files may unknowingly expose their keys if the tools do not implement secure storage practices. The revelation may prompt vendors to review their credential management workflows and could influence user trust in AI coding assistants.

What to Watch

Developers and vendors should monitor any updates from Cursor regarding credential storage. In the meantime, a developer who finds a key in the workspaceStorage database and cannot rule out that the file was backed up, synced or shared should treat the key as exposed and rotate it. The broader community may also see increased scrutiny of how AI coding tools handle environment variables and local data persistence, and future security audits or disclosures from other AI coding platforms could further illuminate industry practices.