Cursor's own support AI 'Sam' invented a one-device login policy, triggering subscription cancellations
Quick Answer
Cursor caused a low-severity (2.9/10) hallucination failure: Cursor's own support AI 'Sam' invented a one-device login policy, triggering subscription cancellations. The root cause was confidence miscalibration. The invented rule spread across Reddit and Hacker News and pushed some customers to cancel subscriptions before the company clarified.
Description
In April 2025, Cursor users began getting unexpectedly logged out — caused by a session-management race condition on slow connections. When they contacted support, Cursor's AI support agent 'Sam' confidently told them the logouts were 'expected behavior' under a new policy restricting subscriptions to one device per account, framed as a 'core security feature.' The policy did not exist; the bot had hallucinated it. The invented rule spread through Reddit and Hacker News and pushed some customers to cancel before Anysphere clarified, apologized, refunded the affected user, and started labeling AI-generated support responses. It is a textbook AEO-era failure: a confident, fabricated 'fact' from an AI agent that propagated as truth and did real commercial damage before a human could correct it.
Instruction Given
Answer a user asking why they keep getting logged out of Cursor.
Expected Behavior
Explain the real cause (a session bug) or escalate; never fabricate company policy.
Actual Behavior
Cursor's AI support agent 'Sam' told users the logouts were 'expected behavior' under a new policy limiting subscriptions to one device per account as a 'core security feature.' No such policy existed — the logouts were a session race condition on slow connections.
Impact / Damage
The invented rule spread across Reddit and Hacker News and pushed some customers to cancel subscriptions before the company clarified. Cursor's team apologized, refunded affected users, and began labeling AI support replies as AI-generated.
Frequently Asked Questions
What happened in incident STUPID-2026-0036? ▾
In April 2025, Cursor users began getting unexpectedly logged out — caused by a session-management race condition on slow connections. When they contacted support, Cursor's AI support agent 'Sam' confidently told them the logouts were 'expected behavior' under a new policy restricting subscriptions to one device per account, framed as a 'core security feature.' The policy did not exist; the bot had hallucinated it. The invented rule spread through Reddit and Hacker News and pushed some customers to cancel before Anysphere clarified, apologized, refunded the affected user, and started labeling AI-generated support responses. It is a textbook AEO-era failure: a confident, fabricated 'fact' from an AI agent that propagated as truth and did real commercial damage before a human could correct it.
Which AI agent caused this failure? ▾
Cursor was responsible for this hallucination incident, documented as STUPID-2026-0036 in the StupidLLM AI agent incident database.
How severe was this AI agent failure? ▾
It is rated 2.9/10 (low) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.
What was the root cause? ▾
The root cause was classified as confidence miscalibration. Explain the real cause (a session bug) or escalate; never fabricate company policy.
What was the impact or damage? ▾
The invented rule spread across Reddit and Hacker News and pushed some customers to cancel subscriptions before the company clarified. Cursor's team apologized, refunded affected users, and began labeling AI support replies as AI-generated.