ByteBrief

Best read upright.

We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.

(We tried widescreen once. It wasn't us.)

ByteBrief

AISupabase10 months ago

Defense in Depth for MCP Servers

1 min read

A General Analysis blog post showed that a Supabase MCP server accessed through Cursor can leak an entire SQL database via a Stored Prompt Injection attack. The attack places malicious instructions in data fields that direct the MCP server to pull private data and write it back to a visible text field. Simon Willison first raised the issue in June, calling it the Lethal Trifecta of private data access, external communication, and untrusted content.

Level

Hype check

Tap to vote and see what everyone thinks.

#mcp #supabase #prompt injection