> The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections.
This should never happen; it's too risky to expose your production database to the AI agents. Always use read replicas for raw SQL access and expose API endpoints from your production database for write access. We will not be able to reliably solve the prompt injection attacks in the next 1-2 years.
We will likely see more middleware layers between the AI Agents and the production databases that can automate the data replication & security rules. I was just prototyping something for the weekend on https://dbfor.dev/