Cursor Head of Security Travis McPeak on securing agents without slowing work
In this episode
For Travis McPeak, chaos has always been part of the job of securing companies like Netflix, Databricks, and IBM. Now, as Cursor’s Head of Security, he’s tackling the industry-wide problem of securing AI-powered software development. In his conversation with 1Password CTO Nancy Wang and Google Gemini’s Dev Tagare, Travis rejects the idea that security is a blocker and challenges the assumption that agents can be trusted users.
Why AI agents can’t be trusted users
The hardest security decisions are about what not to protect
Everything in security is a proxy, including agents
Secure-by-default doesn’t mean slowing productivity
AI-generated code isn’t vibe-coding if a human verifies the work
Also available in audio format on the following platforms: Apple Podcasts, Spotify
Travis McPeak
Travis McPeak is a security leader focused on making security automatic, scalable, and developer-friendly. He currently leads security at Cursor, working on secure-by-default patterns for AI-assisted coding. Previously, he was founder and CEO of Resourcely and held security leadership roles at Databricks and Netflix, where he built systems like Repokid to enforce least privilege at AWS scale. He is also the creator of Bandit, a widely used Python security linter, and an active advisor and investor in security startups, with deep roots in the open source and OWASP communities.
Get the episode transcript
More episodes
OpenAI Agent Security Lead Fotis Chantzis discusses one of the biggest unsolved problems in AI
