Securely Indexing Large Codebases

Source: https://cursor.com/blog/secure-codebase-indexing Author: Jeremy Stribling Date: 2026-01-28

Summary

Cursor’s engineering post on how they handle codebase indexing for semantic search while maintaining security and privacy. The core tension: agents need to understand codebases, but codebases contain sensitive business logic.

Key Claims

  • Cursor’s approach: index code embeddings client-side, send only embeddings (not raw code) to their servers for retrieval.
  • Privacy model: the raw code never leaves the user’s machine; only vector representations are transmitted.
  • Teammate sharing: cursor allows sharing embeddings within a team so semantic search benefits from teammates’ context.
  • The embedding privacy question: embeddings are not perfectly opaque — some information can be recovered. Cursor acknowledges this limitation.
  • Performance: semantic search across large codebases (millions of lines) returns results in <100ms using approximate nearest-neighbor search.

Entities

  • Cursor — AI code editor

Concepts

  • Coding Agents — codebase indexing is the core context problem for coding agents
  • Context Engineering — retrieval from indexed codebase as context injection