Cursor 2025 Update: Pricing Shift, Security Fix, Pro Launch & Competitive Comparison

Introduction

For broader context on AI coding tools, check out my comparison of vibe coding vs agentic engineering and 5 AI coding personas that actually work.

Cursor’s August 2025 update brings a new token‑based pricing model, a critical prompt‑injection security patch, the launch of Cursor Pro, and a clear view of how it stacks up against GitHub Copilot and other AI coding assistants. This quick‑read guide helps developers decide whether to stay, switch, or try both tools.

1. Pricing Shift – From Flat‑Rate to Token‑Based Billing

Effective September 15 2025, Cursor moves from a simple $20 /mo flat‑rate to a “competitive token rates” model. Tokens are the same unit used by OpenAI’s GPT‑4 and Anthropic’s Claude‑3, so costs now match actual usage.

• Old plan: Unlimited Auto usage for $20 /mo.
• New plan: Pay‑as‑you‑go token pricing (estimated $0.00002 per token) with a $20 /mo credit that covers roughly 1 M tokens.

For occasional users this can lower the bill, while heavy‑usage teams may see a price increase compared to Copilot’s flat‑rate.

Cost Comparison (per 1 M tokens)

Service	Token Price (USD)	Approx. Cost for 1 M tokens
Cursor Auto (new)	$0.00002	$20
GitHub Copilot (Chat)	$0.00003	$30
Amazon CodeWhisperer	$0.000015	$15
Cursor Pro (API)	$0.00002	$20 after $20 credit

2. Security Fix – Prompt‑Injection Vulnerability Patched

A serious prompt‑injection bug that could execute arbitrary shell commands was reported by The Hacker News. Cursor 2.12.3 (released Sep 2 2025) adds a sanitization layer and tighter sandboxing.

What you should do right now:

1. Update to version 2.12.3 or later (automatic for cloud users).
2. Audit recent commits for any suspicious commands that might have slipped through.
3. Enable Secure Prompt Mode in Settings → Security.

3. Talent Drive – Anysphere’s Hiring Sprint

Parent company Anysphere is aggressively hiring senior ML engineers from Anthropic, DeepMind, and other AI leaders. The goal is to build a next‑generation AI coding stack that can out‑perform Copilot’s suggestions.

Key hiring areas include:

• Retrieval‑Augmented Generation for code search.
• Multi‑language model fine‑tuning.
• IDE‑agnostic plug‑in architecture.

Watch for new beta features in Q4 2025 and early 2026.

4. Product Update – Cursor Pro Rollout

Cursor Pro adds unlimited Tab autocomplete, the powerful “Frontier” model (Claude‑3‑class), and a $20 /mo API credit. It also introduces a marketplace for community‑built extensions.

Pro Feature Snapshot

• Unlimited Tab & Frontier usage (no per‑token caps).
• $20 /mo credit ≈ 1 M tokens of Frontier.
• Enterprise‑grade controls: SSO, audit logs, on‑prem inference.
• Marketplace for plugins like security‑lint and DB schema inference.

Pricing overview:

Plan	Monthly Cost	Key Benefits
Cursor Free	$0	Basic Tab, 100 k tokens/mo
Cursor Pro (Individual)	$20	Unlimited Tab, $20 Frontier credit, priority support
Cursor Pro (Team)	$15 / seat	All Pro features + shared usage pool, SSO
Cursor Enterprise	Custom	On‑prem deployment, dedicated model, SLA ≥ 99.9%

5. Market & Financing – Cash‑Burn Outlook for AI‑Coding Agents

PitchBook’s July 2025 report says 70 % of investors expect AI‑coding agents to need > $150 M to reach profitability. The biggest cost drivers are model licensing, compute for fine‑tuning, and high customer‑acquisition costs.

Cursor’s numbers (Q2 2025):

• Series B: $120 M (June 2024).
• Revenue mix: 55 % Pro subscriptions, 30 % enterprise contracts, 15 % API usage.
• ARPU: $38 /mo, gross margin ≈ 68 %.

The token‑credit model improves margin flexibility, but conversion from free to paid remains a challenge.

6. Competitive Landscape – Cursor vs. GitHub Copilot (and Others)

Dimension	Cursor (2025)	GitHub Copilot (2025)	Amazon CodeWhisperer
Core model	Proprietary Tab + Frontier (Claude‑3‑class)	Copilot Chat (GPT‑4‑Turbo) + Codex‑style completions	Bedrock Claude‑2‑style
Pricing	Token‑credit + pay‑as‑you‑go	Flat $20 /mo unlimited	Free tier + pay‑per‑token
Security	Prompt‑injection fix (Sep 2025)	No known critical bugs (as of Aug 2025)	Regular sandbox updates
Extensibility	Marketplace (beta) for plugins	VS Code extensions, limited Actions	AWS Marketplace integrations
Enterprise	SSO, audit logs, custom on‑prem	SSO, policy controls, Enterprise Server	IAM integration, CloudWatch logs
Developer sentiment (StackOverflow 2025)	4.2/5 ↑	4.1/5 stable	3.8/5 ↓

Which tool fits your use‑case?

• Heavy token users (large monorepos) → Cursor Pro
• Teams that need a predictable bill → GitHub Copilot
• AWS‑centric environments → CodeWhisperer
• Developers who love community plugins → Cursor

7. What This Means for Developers

1. Re‑evaluate your cost model – calculate average monthly tokens and compare flat‑rate vs. token‑credit.
2. Update immediately to the patched version (2.12.3) to avoid RCE risk.
3. Try the Frontier model on a small project; its higher reasoning can cut debugging time.
4. Monitor Anysphere’s hiring news – new talent often translates into faster feature releases.
5. Consider a mixed‑tool strategy (Cursor Pro for advanced chat, Copilot for baseline autocomplete) to hedge pricing volatility.

8. Bottom Line

Cursor is maturing fast: token‑based pricing aligns cost with usage, the security patch restores production confidence, and Cursor Pro offers a compelling hybrid of unlimited autocomplete and high‑capacity LLM chat. The talent push shows a serious intent to out‑innovate Copilot. For developers, the key decision is **cost predictability vs. flexibility** and **feature depth vs. simplicity**. The next 12‑18 months will likely bring more token‑pricing convergence and tighter IDE integrations across the board.

Want a deeper dive? I can create a security remediation checklist, run a side‑by‑side benchmark, or break down the financial runway of AI‑coding startups.

Meta Description: Cursor 2025 update covers token‑based pricing, a prompt‑injection fix, Cursor Pro launch, and a detailed comparison with GitHub Copilot.

Focus Keywords: Cursor 2025, AI coding assistant pricing, Cursor Pro, prompt injection fix, AI coding market