For Cursor / Claude Code / Lovable / v0 / Replit Agent

The seat-belt for vibe-coded apps.

2026's pattern is clear: an AI agent eventually does something to your Supabase project you didn't intend. Suparbase is the layer that catches the RLS drift in 30 seconds and lets you undo the bad session with one button.

The 2026 pattern

Three real incidents. Same shape.

Every other week a vibe-coded Supabase project gets destroyed in public. The cause is almost always one of two things: RLS was wrong, or an AI agent ran one too many commands.

    Jan 2026: Moltbook
    1.5M API keys leaked, three days post-launch. AI built tables without RLS; the anon key was a master key.
    Source: Post-mortem

    Feb 2026: Lovable (CVE)
    170 of 1,764 scanned apps had inverted RLS: 'if you're logged in, you can read every row'. 80% of vibe-coded apps share that mistake.
    Source: Scan write-up

    Apr 2026: PocketOS
    Cursor's Claude Opus agent deleted the production database AND every backup in 9 seconds. No way to undo.
    Source: Tom's Hardware

What you get

The four things missing from every vibe-coding toolkit.

    Continuous RLS drift detection

    Sentry probes every public table with the actual anon key every time you scan. If RLS gets disabled or a permissive policy slips through, you know in 30 seconds, not next Tuesday in a Supabase email.

    One-click quarantine

    When a critical finding lands, apply a temporary deny-all RLS policy with one button. The bleeding stops. The Lift button drops the policy when you've fixed the root cause.
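What a temporary deny-all quarantine looks like in plain SQL, as an added example rather than Suparbase's own implementation. The table `public.profiles` and the policy name are constructed for the demo; the `anon` and `authenticated` roles are the ones PostgREST uses on a Supabase project.

```sql
-- Added example (not Suparbase's code): quarantine a table with a deny-all RLS
-- policy, verify it from the anon role's point of view, then lift it.
-- Assumed: table public.profiles exists; roles anon and authenticated exist.

-- Make sure RLS is on and cannot be bypassed by the table owner.
alter table public.profiles enable row level security;
alter table public.profiles force row level security;

-- A RESTRICTIVE policy is ANDed with every other policy on the table, so an
-- existing permissive policy cannot re-open access while this one exists.
create policy suparbase_quarantine on public.profiles
  as restrictive
  for all
  to anon, authenticated
  using (false)        -- no row is visible for SELECT / UPDATE / DELETE
  with check (false);  -- no row may be written by INSERT / UPDATE

-- Check from the anon role inside a transaction that is rolled back, so the
-- check itself leaves no trace (the same shape a scanner's probe would use).
begin;
set local role anon;
select count(*) from public.profiles;
rollback;

-- Lift: drop only the quarantine policy. The project's own policies are untouched,
-- so fixing the root cause and lifting are independent steps.
drop policy suparbase_quarantine on public.profiles;
```

One caveat to keep in mind when quarantining on a Supabase project: the `service_role` has the BYPASSRLS attribute, so server-side code using the service key keeps working while the PostgREST roles `anon` and `authenticated` get nothing. Rows that are legitimately public (a `to anon` read policy) are also blocked until the policy is lifted; that is the point of a quarantine.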

    Per-AI-agent session attribution

    Every write that goes through Suparbase's proxy is fingerprinted by User-Agent: Cursor, Claude Code, Replit Agent, Lovable, v0, the Vercel AI SDK, your own MCP server. Sessions group writes from the same agent within a 5-minute window.

    One-click session undo

    When an agent does the unthinkable, click Undo. Every INSERT, UPDATE, and DELETE in the session is reversed in a single Postgres transaction. PocketOS would have had a button. You do.

The everyday stack

Plus everything an admin tool should do, AI-aware.

Suparbase started as the workspace you actually want next to your AI editor. The Sentry layer sits on top.

    AI chat that reads your schema

    Persistent conversations per project. The agent lists tables, inspects columns, runs filtered reads, drafts writes you confirm in a diff card. Tools include aggregate, list_indexes, audit_summary.

    SQL playground

    Read-only by default. Statement timeout. EXPLAIN. Recent dropdown. The agent's writes appear here as proposals before they apply.

    RLS simulator

    Paste a JWT claim set, pick a verb, run the query. Allow / deny per policy, all inside a transaction that rolls back. Find the bug before production does.
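The simulator step above, and the 'inverted RLS' shape from the Lovable scan, reproduced in plain psql as an added example (this is not Suparbase's code). Assumed: a demo table `profiles`, demo roles `anon` and `authenticated` created here as Supabase would, JWT claims supplied through the `request.jwt.claims` setting (which is what PostgREST sets and what Supabase's `auth.uid()` / `auth.role()` read), and a connection with enough privilege to `SET ROLE`.

```sql
-- Added example (not Suparbase's code). Constructed demo schema and rows.
create role anon nologin;
create role authenticated nologin;

create table profiles (
  id        serial primary key,
  owner_id  text not null,          -- the JWT `sub` of the owning user
  email     text not null           -- PII-shaped column a scan would flag if exposed
);
insert into profiles (owner_id, email) values
  ('user-a', 'a@example.com'),
  ('user-b', 'b@example.com');

grant select on profiles to anon, authenticated;
alter table profiles enable row level security;

-- The inverted policy. In Supabase terms: USING (auth.role() = 'authenticated').
-- Every logged-in user passes it, so every row is readable by every user.
create policy profiles_read_inverted on profiles
  for select to authenticated
  using (current_setting('request.jwt.claims', true)::jsonb ->> 'role' = 'authenticated');

-- Simulator: impersonate user-a with a pasted claim set, run the query, roll back.
-- With the inverted policy, user-b's row is visible to user-a.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
                  '{"sub":"user-a","role":"authenticated"}', true);
select id, owner_id, email from profiles;
rollback;

-- Fix: scope the policy to the caller's own rows (auth.uid() = owner_id).
drop policy profiles_read_inverted on profiles;
create policy profiles_read_own on profiles
  for select to authenticated
  using (owner_id = current_setting('request.jwt.claims', true)::jsonb ->> 'sub');

-- Same simulation again: only user-a's own row passes the policy now.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
                  '{"sub":"user-a","role":"authenticated"}', true);
select id, owner_id, email from profiles;
rollback;

-- The anon probe a drift scan performs: RLS is on and no policy names anon,
-- so the anon role sees no rows. If RLS were disabled, both rows would come back.
begin;
set local role anon;
select count(*) from profiles;
rollback;
```

`set_config(..., true)` and `SET LOCAL ROLE` are both transaction-scoped, so the `ROLLBACK` returns the session to its original role and clears the simulated claims; nothing about the simulation survives the transaction.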

How to wire it

Five minutes from incident to safety net.

  1. Add your Supabase project

    Paste the project URL + an anon key on the new-connection page. Optionally add the Direct Postgres URL on the same screen; this unlocks Sentry's pg_policies inspection and one-click session undo.

  2. Open /c/<id>/sentry and run a scan

    Baseline your exposure today. Sentry will list any anon-readable tables, missing-or-permissive RLS policies, and any PII-shaped columns currently exposed.

  3. Let the AI agents code

    Cursor, Claude Code, Replit Agent, Lovable, v0, Vercel AI SDK: pick your tool. Suparbase identifies each one from the User-Agent on every authenticated write and groups their mutations into sessions.

  4. If something goes wrong, click Undo session

    Suparbase walks the audit log for that session in reverse and reverts every INSERT / UPDATE / DELETE in a single transaction. Either it all reverses or nothing changes.
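The mechanism steps 3 and 4 describe, shown end to end as an added example that is not Suparbase's implementation: a trigger records every INSERT / UPDATE / DELETE into an audit log tagged with a session id, and an undo function walks one session's entries in reverse inside the caller's transaction. Assumed: the session id arrives through a transaction-local setting named `app.session_id` (a name chosen for this demo; the product attributes sessions from the User-Agent), every audited table has an `id` primary key, and the table `notes` and its rows are constructed.

```sql
-- Added example (not Suparbase's code). Assumed setting app.session_id carries
-- the agent session; tables have a primary key column named id.
create table audit_log (
  id          bigserial primary key,
  session_id  text        not null,
  table_name  text        not null,
  op          text        not null,   -- INSERT / UPDATE / DELETE
  row_pk      text        not null,   -- primary key value, stored as text
  old_row     jsonb,                  -- row before the change (UPDATE / DELETE)
  new_row     jsonb,                  -- row after the change  (INSERT / UPDATE)
  at          timestamptz not null default now()
);

-- AFTER ROW trigger: snapshot old/new as jsonb under the current session id.
create or replace function audit_row() returns trigger language plpgsql as $$
begin
  insert into audit_log (session_id, table_name, op, row_pk, old_row, new_row)
  values (
    coalesce(nullif(current_setting('app.session_id', true), ''), 'unattributed'),
    tg_table_name,
    tg_op,
    (case tg_op when 'DELETE' then old.id else new.id end)::text,
    case when tg_op in ('UPDATE', 'DELETE') then to_jsonb(old) end,
    case when tg_op in ('INSERT', 'UPDATE') then to_jsonb(new) end
  );
  return null;   -- return value is ignored for AFTER triggers
end $$;

-- Undo one session: newest entry first, so a row updated twice ends at its
-- original state. Runs inside the caller's transaction: either every entry is
-- reverted or, if any statement fails, nothing changes.
create or replace function undo_session(p_session text) returns int language plpgsql as $$
declare
  e audit_log%rowtype;
  n int := 0;
begin
  -- Attribute the reverting writes to their own session so they are audited too
  -- and never mistaken for the session being undone.
  perform set_config('app.session_id', 'undo:' || p_session, true);

  for e in select * from audit_log where session_id = p_session order by id desc loop
    if e.op in ('INSERT', 'UPDATE') then
      -- Remove the row the session left behind (for UPDATE it is re-inserted below).
      execute format('delete from %I where (id)::text = $1', e.table_name) using e.row_pk;
    end if;
    if e.op in ('UPDATE', 'DELETE') then
      -- Restore the pre-change row from its jsonb snapshot.
      execute format('insert into %I select * from jsonb_populate_record(null::%I, $1)',
                     e.table_name, e.table_name) using e.old_row;
    end if;
    n := n + 1;
  end loop;
  return n;   -- number of audit entries reverted
end $$;

-- Constructed demo: one table, one row that predates the agent session.
create table notes (id int primary key, body text not null);
create trigger notes_audit after insert or update or delete on notes
  for each row execute function audit_row();
insert into notes values (1, 'keep me');

-- An agent session that inserts, clobbers, then deletes.
begin;
select set_config('app.session_id', 'cursor-session-demo', true);
insert into notes values (2, 'agent added this');
update notes set body = 'agent clobbered this' where id = 1;
delete from notes where id = 1;
commit;

-- Undo it in one transaction; notes is back to the single row (1, 'keep me').
begin;
select undo_session('cursor-session-demo');
commit;
select * from notes order by id;
```

The reverse walk matters: the session's UPDATE and DELETE both touch row 1, and only by reverting the DELETE first (re-inserting the clobbered row) and then the UPDATE (replacing it with the original snapshot) does the row end where it started. Re-inserting from a snapshot assumes the row's foreign-key targets still exist and no unique constraint has since been claimed by another row; if either fails, the transaction aborts and the database is left exactly as it was before the undo.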

Catch the next one before the headline.

Free tier for solo projects. Five minutes to set up. The seat-belt your AI agent doesn't have.