The vibe coding movement, as Paul Copplestone figures it, started last December—and we’re already a few eras in. “So, wave one of vibe coding was like, ‘You’ll never need more software,’” said Copplestone, CEO and cofounder of Supabase, an open source application development platform. “Wave two is, ‘Oh, you’ll never need to write code again.’… And then wave three, which we’re in now, is where these ideas converge—there’s a nice happy path for anyone who’s on their mobile, looking to build an app. They start ...

Core Viewpoint - The article highlights a significant vulnerability in the MCP protocol, which is widely used in the AI industry, allowing attackers to exploit LLM's instruction/data confusion to access databases directly [1][3]. Group 1: Vulnerability Details - The MCP protocol has become a standard in the agent field, effectively connecting large language models with various tool services, but it is susceptible to malicious instructions hidden within user data [3][5]. - Researchers demonstrated the security risks of LLMs by building a multi-tenant customer service SaaS system using Supabase, which includes a database, authentication, and file storage [5][21]. - The attack utilized default configurations, including standard service roles and row-level security (RLS), without any additional protective measures [6][21]. Group 2: Attack Process - The attacker submitted a technical support request with a message that disguised malicious instructions, which were processed normally by the system [9][10]. - When developers later accessed unresolved tickets, they inadvertently executed embedded instructions within the attacker's message, leading to unauthorized data access [12][13]. - The system generated SQL queries that bypassed RLS restrictions, allowing sensitive data to be displayed in the conversation thread [15][17]. Group 3: Risk Mitigation Measures - The article suggests two primary measures to reduce exposure to such attacks: using read-only modes to prevent unauthorized data manipulation and implementing prompt injection filters to intercept and manage high-risk inputs [22][23]. - These measures aim to create a first line of defense against potential exploitation, especially for teams using third-party IDEs where context boundaries are unclear [23].

Core Insights - The article discusses the rise of Vibe Coding, a new AI-driven programming model that allows developers to focus on product innovation and user experience rather than being constrained by programming languages, with AI generating executable code from natural language inputs [2][3]. Group 1: Supabase Overview - Supabase, founded in 2020, is an open-source alternative to Google Firebase, providing backend services such as database management, authentication, and real-time capabilities, which significantly reduce the complexity and time required for backend development [3][6]. - The platform has gained substantial traction, with over 170,000 developers in its community and more than 80,000 stars on GitHub, indicating its popularity and utility among developers [6][12]. Group 2: Key Features of Supabase - Supabase offers a PostgreSQL-based database that provides stable data storage and built-in authentication for precise user access control [3]. - The platform simplifies the login process through social account integration, allowing developers to quickly establish multi-channel authentication systems [4]. - Supabase automates backend resource management, enabling startups to reduce labor costs and accelerate product launches without the need for extensive code rewrites [4]. - It includes a storage solution that integrates seamlessly with its authentication and database services, allowing for secure and efficient content management [4]. - The real-time data synchronization feature supports collaborative tools and applications, ensuring consistent user experiences across multiple devices [4]. Group 3: Funding and Growth - Supabase completed a $200 million Series D funding round in April 2025, achieving a post-money valuation of approximately $2 billion, with participation from notable investors such as Accel and Coatue [6][13]. - Prior to this, Supabase raised $80 million in a Series C round in September 2024, reflecting a rapid increase in valuation from an estimated $900 million to $2 billion within seven months [13]. - The growth in funding and valuation highlights the company's rapid development in the open-source and AI programming sectors, driven by a growing developer community [13].

Core Insights - The article discusses the concept of "Vibe Coding," which allows individuals to create applications quickly using AI tools like Cursor and ChatGPT, even without programming knowledge [1] - It highlights the security vulnerabilities that can arise from this rapid development approach, illustrated by the experience of developer Harley Kimball, who faced two security breaches shortly after launching his application [1][10] Group 1: Vibe Coding and Application Development - "Vibe Coding" enables users to express ideas and have AI generate code, attracting many developers to experiment with this method [1] - Harley Kimball developed an application that aggregates public profiles of security researchers from various platforms, aiming to create a "directory" for the bug bounty community [2] Group 2: Security Vulnerabilities Encountered - The first security breach involved the exposure of user email addresses due to improper data handling, which led to unauthorized access to the database [5][6] - The second breach occurred because the backend authentication service remained active, allowing attackers to register accounts and manipulate data despite the absence of a front-end registration option [8][9] Group 3: Lessons Learned - The experience underscores the importance of not neglecting security configurations when using low-code or AI tools for development, as rapid deployment can lead to significant vulnerabilities [10] - Developers must understand the complexities of permission models in tools like Supabase and PostgreSQL, particularly regarding database views and row-level security [10][11] - It is crucial to fully disable registration features in the backend if not in use, as merely hiding them in the front end is insufficient to prevent unauthorized access [11]

Core Insights - Supabase has successfully positioned itself at the forefront of the "Vibe Coding" trend, completing a $200 million Series D funding round with a post-money valuation of $2 billion, reflecting its rapid growth and the increasing importance of open-source databases in the AI application era [1][22]. Group 1: Supabase's Growth and Funding - Supabase raised $200 million in its Series D funding round, led by Accel, with participation from Coatue, Y Combinator, Craft Ventures, and existing investors, bringing its total funding to nearly $400 million [1]. - The company has seen a significant increase in its valuation, reaching $2 billion just seven months after its previous funding round of $80 million [1]. - Supabase's user base has expanded to over 2 million developers, managing 3.5 million databases, and its GitHub repository has surpassed 81,000 stars, doubling in just two years [17]. Group 2: Vibe Coding and Development Workflow - The "Vibe Coding" workflow emphasizes rapid completion of the entire development process using various AI tools, from product documentation to database design and service implementation [2][5]. - Developers utilize generative AI tools to draft product requirement documents and generate database schemas, facilitating the creation of initial data models [4]. - The integration of Supabase with tools like Lovable and Bolt.new allows users to deploy full-stack applications without server setup, enhancing the development experience [5][8]. Group 3: AI Integration and Features - Supabase has integrated PGVector to support embedding storage, crucial for building retrieval-augmented generation (RAG) applications and other AI-related tasks [11]. - The company launched its AI assistant, which can automatically generate database schemas and fill in sample data, significantly aiding non-developers in backend prototype development [13]. - Recent developments include the launch of an official MCP server, enabling developers to connect popular AI tools directly to Supabase for various database management tasks [14]. Group 4: Competitive Positioning and Future Outlook - Supabase's open-source model and reliance on PostgreSQL differentiate it from other backend-as-a-service (BaaS) platforms like Firebase, which lock users into their ecosystems [22]. - The company aims to become the default backend for AI and enterprise applications, leveraging its funding to accelerate the adoption of "Vibe Coding" tools and large-scale deployments [22]. - Accel partners believe Supabase has the potential to dominate the high-value database sector, drawing comparisons to the rise of Oracle and MongoDB [22].

Core Insights - Supabase has rapidly emerged as a prominent player in the tech startup scene, being recognized as an "open-source alternative to Firebase" with significant developer engagement and community support [3][8] - The company recently secured $200 million in Series D funding, raising its post-money valuation to $2 billion, with notable investors including Accel and Coatue [5][9] - Supabase's business model combines open-source software with cloud services, allowing developers to utilize its core functionalities for free while offering paid managed services for those who prefer not to self-host [7][27] Company Overview - Supabase is defined as a Backend-as-a-Service (BaaS) platform that simplifies backend development for applications by providing a comprehensive suite of services, including database management, user authentication, and real-time data synchronization [6][16] - The platform is built on PostgreSQL, leveraging its stability and flexibility while adding modern features like real-time subscriptions and serverless functions [7][18] Growth and Community Engagement - The company has attracted over 2 million registered developers and achieved more than 81,000 stars on GitHub, indicating a strong community presence and rapid growth in the open-source infrastructure space [8][9] - Supabase's growth trajectory includes multiple funding rounds, starting from a $600,000 seed round in 2020 to the latest $200 million Series D round in 2025, showcasing its ability to attract investor interest [9][10] Market Position and Trends - The global BaaS market is projected to grow significantly, with sales expected to reach $34.02 billion in 2024 and $106.73 billion by 2031, driven by digital transformation and the explosion of mobile applications [24] - Supabase differentiates itself in a competitive landscape dominated by giants like Google Firebase and AWS by offering an open-source solution that avoids vendor lock-in and supports complex queries [25][26] Business Model and Revenue Generation - Supabase employs a "freemium" model, allowing users to start with free services and upgrade to paid plans as their needs grow, which helps in building a strong user base and community-driven growth [27][28] - The company has not disclosed specific revenue figures, but the continued investment interest suggests confidence in its business model and potential for sustainable growth [28] Strategic Advantages - Supabase is positioned at the intersection of three major trends: the rise of AI-driven development (Vibe Coding), the growing demand for open-source solutions, and the increasing popularity of PostgreSQL as a database choice among developers [30][31] - The platform's ease of use and standard API structure make it an ideal backend for AI-generated applications, enhancing its visibility and user adoption [30][31] Competitive Landscape - Supabase faces competition from established players like Oracle, which has a significant market share in enterprise database solutions, but it aims to capture the emerging market of modern applications that require agile and flexible backend solutions [33][36] - The company’s open-source approach allows it to attract a diverse range of users, from independent developers to large enterprises, seeking cost-effective and scalable backend solutions [19][26]

图片来源： Scale AI 2020 年，开源数据库 Supabase 成⽴时，其新西兰籍⾸席执⾏官 Paul Copplestone 未曾料到，公司会精准踩中 2025 年最⼤趋势Vibe Coding的⻛⼝。 根据财富报道，这家初创公司于4⽉末成果显现， 公司宣布完成由 Accel 领投的 2 亿美元 D 轮融资，投后估值达 20 亿美元，Coatue、Y Combinator、 Craft Ventures 及⻓期投资者 Felicis 参与本轮投资。 此次新获 2 亿美元融资，距离 Supabase 宣布由 Peak XV（红杉分拆机构）和 David Sacks 的 Craft Ventures 领投 8000 万美元仅七个⽉。当时公司未对估值 置评，但 PitchBook 数据显⽰约为 9 亿美元。 参考资料 ⾄此，这家初创公司总融资额已达约 3.98 亿美元。 Supabase 再次证明了开源项⽬在商业上的巨⼤成功潜⼒。它提供了 Firebase 的开源版本，这是⾕歌的 数据库 AI 应⽤开发平台，并以每⽉最⾼ 600 美元的价格托管应⽤，企业⽤⼾费⽤更⾼。 Supabase 将开源 SQL ...