Ask HN: How are companies using Cursor handling compliance?
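I'm trying to decide whether to adopt Cursor for our company, but we're in a heavily regulated industry and our compliance team is flagging concerns about HIPAA/SOC2/audit trails.
The thing is, there are companies in regulated industries using it [1][2]. But Cursor has no HIPAA BAA, no FedRAMP certification, and is cloud-only with all requests routing through their AWS infrastructure. (This is probably true for Claude and other coding assistants, though I've only looked seriously at Cursor.)
So how are regulated companies actually making this work? Or do most just avoid Cursor and other AI coding tools altogether?
[1] 165 healthcare companies use Cursor according to Bloomberry: https://bloomberry.com/data/cursor/
[2] Cursor's customers include Sanofi, Johnson & Johnson, and Neuralink: https://cursor.com/customers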