Getting Cursor 4.6-opus-high-thinking for Free (A $600 Bug)
Last month I found a bug that let you use Cursor's 4.6-opus-high-thinking model for free, indefinitely. It got patched within days — but the implications are worth thinking about.
Last month I found a bug.
Cursor’s Cloud Agent mode lets you connect your GitHub account and pull repos. If you skip clicking “Save environment” during the setup phase, you can keep chatting with the setup agent — which runs on 4.6-opus-high-thinking — indefinitely.
Two caveats: no file attachments (images aside), and skills need to be manually pasted into the chat.
I ran it for hours. The setup agent session never generated any billing.
The hole got patched within days. Prompt injection attempts in the setup phase now get an immediate refusal.
The Full Exploit (For Reference)
- Open Cursor, enter Cloud Agent mode
- Connect your GitHub account, authorize repo access
- During the setup environment phase, pick a base environment config
- Critical step: when the agent starts initializing, do NOT click “Save environment”
- Start chatting directly — you’re now in a setup agent session, not a regular Agent session
- The setup agent uses 4.6-opus-high-thinking by default, and generates no billing
Why Was There No Billing?
Cursor’s setup agent is designed for first-time environment configuration — the model cost is covered by Cursor as part of the onboarding experience. By not saving the environment, you keep that temporary session alive indefinitely.
It Got Patched
Within days, Cursor pushed a hotfix. Now any prompt injection attempt during setup gets an immediate refusal — the agent stops processing.