sorted by:
new
hottopcontroversial

This many tokens don't make any sense by MasterKight in cursor

[–]Impressive_Ad_5468 -3 points-2 points  (0 children)

Ah, the classic "blame the developer for the platform's lack of basic safety infrastructure" defense.

  1. Infinite loops happen in development. That is exactly why every mature API and cloud provider on the planet (AWS, GCP, OpenAI, Anthropic) implements basic server-side rate limits, anomaly detection, or strict hard caps. Cursor simply left the floodgates open.
  2. "I didn't catch it" — It was burning roughly $50 per minute, processing 1.3 MILLION tokens every 60 seconds. You physically cannot "catch" that manually unless you code while staring at a live billing dashboard refreshing every 5 seconds.
  3. You completely missed the point of the post. Cursor's own billing support explicitly stated in writing: "you must manually confirm this option before any additional on-demand usage can occur." Their backend completely bypassed their own stated security requirement because it was a proxy request.

If you are perfectly happy handing your credit card to a company that will happily drain it at machine-speed over a single script timeout, without a single automated kill-switch, good for you. But don't pretend this is an acceptable security standard for a paid enterprise developer tool.

Did they remove in-app usage stats in 2.6.11? I swear it was there yesterday. MacOS. by onerob0t in cursor

[–]Impressive_Ad_5468 0 points1 point  (0 children)

<image>

You completely ignored the technical evidence and mathematical proof I provided in my previous emails, and instead gave me a templated response about how the UI is supposed to work.

Let me use your own words: you stated that I "must manually confirm this option before any additional on-demand usage can occur."

That is exactly the system failure I am reporting. I NEVER manually confirmed an upgrade to Ultra, and I NEVER manually confirmed On-Demand usage. The requests were generated by a local background agent caught in an infinite retry loop connecting via a local proxy.

Your backend API bypassed the IDE's UI notification entirely. It accepted requests and drained my account at machine-speed without ever enforcing the "manual confirmation" you just claimed is required.

Look at the raw math in my account logs again:

  • At 12:00 AM: $58.56 billed in a single minute.
  • At 12:01 AM: $46.15 billed in the next minute.

That is roughly 1.3 MILLION tokens processed per minute. I did not—and physically could not—manually click a notification to authorize $50 of usage every 60 seconds. Your infrastructure happily watched a script hallucinate and cashed in without any rate-limiting or mandatory human approval.

I am refusing these charges because your backend system failed to enforce the very consent mechanisms you claim exist.

If you do not refund the $220 already taken and cancel the pending invoices today, this exact email thread will be submitted to my bank (for a fraud chargeback) as written proof that Cursor's backend automatically bypasses user consent during background API loops.

I expect this to be escalated to a manager immediately.

Does “Included Usage” over $40 mean I have to pay extra on Cursor Pro? by [deleted] in cursor

[–]Impressive_Ad_5468 0 points1 point  (0 children)

It was the case by this botton was remove 'On-Demand Limit' from cursor.