Cursor is transforming how developers write code with their AI-powered code editor. In full startup mode with rapid growth, everyone on the team pitches in and does whatever they're good at to help the business succeed. For Travis McPeak, that means handling "any and all security" work.

When Travis joined Cursor, one of his first priorities was turning on all logging across their organization. While appearing as a straightforward security hygiene task, an immediate massive bill spike in their existing SIEM solution caused concern.

"After I turned on even just one additional account's logs, I got looped into an incident because the bill spiked super high," Travis recalls. "I didn't realize it would do that."

The problem was clear: their existing logging solution wouldn't scale for the rapidly growing business and team.

The old SIEM playbook doesn't work anymore

Traditional SIEM solutions create incredible friction that security teams often need entire data engineering pipelines just to ingest new log sources.

"You see so many solutions where people have to buy expensive add-on tools because their SIEM is so expensive that they have to do data engineering before they can ingest a new source," Travis notes. "So now the security team can't just say 'we want this.' They have to work with data engineers, and they have to use additional solutions to filter out the data you don't need."

In that kind of environment, adding a new log source might take weeks or even months (not including the time to build detections once you finally get the data ingested).

"With RunReveal, if I get it to S3, everything else is done," Travis says. "From there, it's super easy. I can add a new [source], write the detection, read queries, find the data that I want, and wire it up to get alerts for it, all within an hour or two. That compared to existing tool stacks that would be weeks or more."

Cursor on Cursor: The AI-native security workflow

What makes Cursor's approach particularly interesting is how they've combined their own AI-power with RunReveal's AI capabilities to create a completely new security workflow.

Travis does his security work in Cursor, talking to AI in natural language. The AI uses RunReveal's platform to build detections, run queries, and investigate incidents. It's the same philosophy that powers Cursor's product applied to security operations: natural language input, AI-powered execution, and fast results.

"One of my favorite things about RunReveal is I just talk in Cursor to AI, and it builds the detections for me and runs them," Travis explains.

The workflow has two main patterns. The first starts with a new log source. Travis gets the logs to an S3 bucket and wires it to RunReveal. Then he chats with AI via the integration to do exploratory analysis, understanding what information is available.

When he identifies something he wants to monitor, he writes it in plain English: "Can you find when this happens?" The AI writes queries, debugs them, and tests them. Once it's working well, Travis converts it to detection-as-code. Those detections either sync manually or get checked into their pipeline, where they run continuously.

The second workflow handles incident investigation. When something happens and Travis needs to understand it quickly, he fires up his RunReveal workspace in Cursor and asks the AI in plain language to use the logs to find what happened. "It gets there very, very fast," he notes.

For a company like Cursor that's building AI-native developer tools, using AI-native security tools isn't just a nice-to-have, it's also a philosophical alignment. The same principles that make Cursor powerful for developers apply to security operations: reduce friction, leverage AI to handle complexity, and make powerful capabilities accessible through natural language.

The difference, Travis explains, comes down to architecture. "The old SIEMs weren't built with any of the cool cloud-native, AI stuff, and it shows. And those things actually tend to be very important for a SIEM."

Democratizing security investigations

Before RunReveal, Cursor's infrastructure team had to manually dig through AWS to try to find what they needed. What's powerful about the AI-native approach is how it lowers that bar.

This matters because Travis doesn't work in isolation. He works closely with their infrastructure team, collaborating closely on building out their cloud environment. He wants the infrastructure team to be able to use their security logs too, because they're working on things that would benefit from the logging and investigation capabilities he's already set up. And RunReveal's AI agent makes security investigations accessible to people who need answers but shouldn't have to become experts on SQL or log formatting to get them.

A vendor relationship built on communication

Beyond the technology, what gives Travis confidence is the partnership with RunReveal itself. "The [RunReveal] team is mega responsive and obviously loves the product and is very knowledgeable about it," he notes.

That responsiveness matters because Travis isn't using RunReveal in a cookie-cutter way. When he showed the RunReveal team how he was using the query functionality, the response was surprising: they hadn't seen anyone use it quite that way before. But instead of pushing back, they engaged with the feedback.

"When I buy something, I want to know that it's not gonna end up messed up and then I have to fight with it," Travis says. "I got that confidence very early, and they've always continued to earn that, which is important."

Why AI-first works (and is the future!)

For Cursor, RunReveal solved a fundamental problem: how to do proper security logging and detection without creating incidents every time you add a new log source. But the real value goes deeper than time savings.

By combining their own AI-powered development environment with RunReveal's AI-native security platform, Cursor created a security workflow that moves at startup speed. New log sources go from idea to monitored in hours, not weeks. Investigations happen through natural language conversations, not manual query construction. Detection engineering becomes accessible to anyone who can describe what they want to find.

It's the same transformation Cursor is driving in software development, applied to security operations.