Security teams are blocking Cursor and Claude Code; OpenCode pitches a local-first alternative

According to a recent LogRocket post, some organizations are restricting cloud-based AI coding tools after security and compliance reviews, and the author suggests a “local-first” workflow as an alternative.

Key points (as described in the LogRocket article):

• Why tools may be blocked: policies that prohibit source code or sensitive context from being transmitted outside controlled networks during development.
• How requests are described to flow:
  • Cursor: code/context is sent to a Cursor-managed backend and then on to third-party model providers.
  • Claude Code: code/files and prompts are sent directly to Anthropic’s hosted services.
• Who the author says is most impacted: teams working with regulated or sensitive data (e.g., healthcare/PHI), audited environments (e.g., SOC 2), or government/contractor code.
• Alternative proposed by the author: OpenCode, an open-source agent that can run models locally via Ollama, reducing or eliminating the need to send code to external services.
• Models and integrations mentioned: local models (e.g., Qwen 2.5 Coder, DeepSeek Coder V2) and optional connections to various cloud providers via the project’s integrations.
• Performance notes cited: the post references SWE-bench results for a hosted model and offers rough token-throughput comparisons between local and cloud setups; treat the numbers as indicative and environment-dependent.