According to community forums and developer discussions, several developers and users who are attempting to access Cursor are met with a sudden block message, “Your request has been blocked as our system has detected suspicious activity from your account.”
The issue, which appears to have affected users across both free and paid tiers, triggered widespread confusion across the developer community.
AIM was able to independently verify the error on Thursday. When users sought assistance, Cursor’s AI support pointed to potential VPN usage as a cause and suggested steps like creating a new account via Google or GitHub, and subscribing to Cursor Pro to try again later.
These suggestions proved unhelpful for most. Subsequent queries received an automated escalation: “I’m connecting you with a teammate who can help review this further.”
Reports on Cursor’s forums indicate the problem was widespread, impacting users regardless of their subscription level or the model in use. One developer noted, “Claude 3.7 works perfectly in one window, but fails in the other. If I switch to 3.5 or automatic, it works fine. It makes no sense.”
A frustrated developer commented on the forum, “Remove the message check altogether soon, otherwise my team of 80 people each with a pro subscription will leave your cursor for better analogues”.
Others confirmed they were not using VPNs at all, contradicting Cursor’s initial assumption.
Eventually, a community developer from Cursor addressed the situation, attributing the blocks to an overzealous anti-fraud system activated in the past 24 to 48 hours.
“For a short while, this detection was overly sensitive, causing some false positives,” they said. “We have now tuned this down, so you should no longer be seeing any issues.”
This system was most likely activated in response to thousands of students trying to subscribe to Cursor Pro for free.
While the situation appears to be stabilising, AIM was able to make it work, some users in the forum still report the issue happening. AIM also reached out to Cursor for a comment on the situation, but did not get a response yet.
With developers cancelling Cursor subscriptions and switching to something else, an incident like this could make it worse for the company. It also highlights the trade-offs companies face when scaling platform security to prevent abuse.
