Cursor Keeps Writing IDOR Into Your APIs. Here's the Fix.
DEV.to AI · April 24, 2026
AI code generators like Cursor often create API endpoints vulnerable to Insecure Direct Object Reference (IDOR) by omitting ownership verification. This allows any authenticated user to access other users' data. The flaw is fixable by scoping queries to the requesting user or by adding immediate ownership checks.
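
The vulnerable pattern and the two fixes named above, side by side, as an added example that is not code from the original article. The `invoices` table, the user ids, the handler names and the 404-for-non-owners response are assumptions chosen for illustration, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users (100 and 200), one invoice each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, total TEXT)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(1, 100, "40.00"), (2, 200, "975.00")])
    return db

# In every handler, user_id comes from the authenticated session and
# invoice_id comes from the request (for example a URL path parameter).

def get_invoice_vulnerable(db, user_id, invoice_id):
    # IDOR: the caller is authenticated, but the lookup trusts the
    # client-supplied id alone, so user_id is never consulted.
    row = db.execute("SELECT id, owner_id, total FROM invoices WHERE id = ?",
                     (invoice_id,)).fetchone()
    return (200, row) if row else (404, None)

def get_invoice_scoped(db, user_id, invoice_id):
    # Fix 1: scope the query to the requesting user.
    row = db.execute(
        "SELECT id, owner_id, total FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, user_id)).fetchone()
    return (200, row) if row else (404, None)

def get_invoice_checked(db, user_id, invoice_id):
    # Fix 2: load the row, then check ownership before anything else uses it.
    row = db.execute("SELECT id, owner_id, total FROM invoices WHERE id = ?",
                     (invoice_id,)).fetchone()
    if row is None or row[1] != user_id:
        return (404, None)  # same answer for "missing" and "not yours"
    return (200, row)

def cross_user_leaks(handler):
    """Regression check: list (user, invoice) pairs where a non-owner gets a 200."""
    db = make_db()
    rows = db.execute("SELECT id, owner_id FROM invoices ORDER BY id").fetchall()
    leaks = []
    for invoice_id, owner_id in rows:
        for user_id in (100, 200):
            status, _ = handler(db, user_id, invoice_id)
            if user_id != owner_id and status == 200:
                leaks.append((user_id, invoice_id))
    return leaks

if __name__ == "__main__":
    for h in (get_invoice_vulnerable, get_invoice_scoped, get_invoice_checked):
        print(h.__name__, cross_user_leaks(h))
```

A check shaped like `cross_user_leaks` belongs in the test suite for each generated endpoint, since the missing ownership clause produces no error and no failing happy-path test.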