Core Insights - The vibe coding movement has evolved through multiple waves, with the current phase focusing on mobile app development and seamless transitions between devices [2] - Supabase, an open-source application development platform, has seen significant growth, increasing its user base from 1 million to over 4 million developers in the past year, with AI builders making up about 30% of new signups [2][3] - Supabase recently raised $100 million in Series E funding, achieving a valuation of $5 billion, bringing total funding to $500 million since its inception in 2020 [3][4] Company Developments - Supabase's Series E funding round was primarily restricted to existing investors, with Figma being the only new institutional investor [4] - The company aims for a future valuation of $50 billion to $100 billion, emphasizing the importance of existing investors in achieving this goal [5] - Supabase's CEO believes that while coding may become easier, there will still be a strong interest in coding and development, leading to a potential increase in the number of people wanting to build applications [5]

Core Viewpoint - The article highlights a significant vulnerability in the MCP protocol, which is widely used in the AI industry, allowing attackers to exploit LLM's instruction/data confusion to access databases directly [1][3]. Group 1: Vulnerability Details - The MCP protocol has become a standard in the agent field, effectively connecting large language models with various tool services, but it is susceptible to malicious instructions hidden within user data [3][5]. - Researchers demonstrated the security risks of LLMs by building a multi-tenant customer service SaaS system using Supabase, which includes a database, authentication, and file storage [5][21]. - The attack utilized default configurations, including standard service roles and row-level security (RLS), without any additional protective measures [6][21]. Group 2: Attack Process - The attacker submitted a technical support request with a message that disguised malicious instructions, which were processed normally by the system [9][10]. - When developers later accessed unresolved tickets, they inadvertently executed embedded instructions within the attacker's message, leading to unauthorized data access [12][13]. - The system generated SQL queries that bypassed RLS restrictions, allowing sensitive data to be displayed in the conversation thread [15][17]. Group 3: Risk Mitigation Measures - The article suggests two primary measures to reduce exposure to such attacks: using read-only modes to prevent unauthorized data manipulation and implementing prompt injection filters to intercept and manage high-risk inputs [22][23]. - These measures aim to create a first line of defense against potential exploitation, especially for teams using third-party IDEs where context boundaries are unclear [23].

Core Insights - The article discusses the rise of Vibe Coding, a new AI-driven programming model that allows developers to focus on product innovation and user experience rather than being constrained by programming languages, with AI generating executable code from natural language inputs [2][3]. Group 1: Supabase Overview - Supabase, founded in 2020, is an open-source alternative to Google Firebase, providing backend services such as database management, authentication, and real-time capabilities, which significantly reduce the complexity and time required for backend development [3][6]. - The platform has gained substantial traction, with over 170,000 developers in its community and more than 80,000 stars on GitHub, indicating its popularity and utility among developers [6][12]. Group 2: Key Features of Supabase - Supabase offers a PostgreSQL-based database that provides stable data storage and built-in authentication for precise user access control [3]. - The platform simplifies the login process through social account integration, allowing developers to quickly establish multi-channel authentication systems [4]. - Supabase automates backend resource management, enabling startups to reduce labor costs and accelerate product launches without the need for extensive code rewrites [4]. - It includes a storage solution that integrates seamlessly with its authentication and database services, allowing for secure and efficient content management [4]. - The real-time data synchronization feature supports collaborative tools and applications, ensuring consistent user experiences across multiple devices [4]. Group 3: Funding and Growth - Supabase completed a $200 million Series D funding round in April 2025, achieving a post-money valuation of approximately $2 billion, with participation from notable investors such as Accel and Coatue [6][13]. - Prior to this, Supabase raised $80 million in a Series C round in September 2024, reflecting a rapid increase in valuation from an estimated $900 million to $2 billion within seven months [13]. - The growth in funding and valuation highlights the company's rapid development in the open-source and AI programming sectors, driven by a growing developer community [13].

Core Insights - The article discusses the concept of "Vibe Coding," which allows individuals to create applications quickly using AI tools like Cursor and ChatGPT, even without programming knowledge [1] - It highlights the security vulnerabilities that can arise from this rapid development approach, illustrated by the experience of developer Harley Kimball, who faced two security breaches shortly after launching his application [1][10] Group 1: Vibe Coding and Application Development - "Vibe Coding" enables users to express ideas and have AI generate code, attracting many developers to experiment with this method [1] - Harley Kimball developed an application that aggregates public profiles of security researchers from various platforms, aiming to create a "directory" for the bug bounty community [2] Group 2: Security Vulnerabilities Encountered - The first security breach involved the exposure of user email addresses due to improper data handling, which led to unauthorized access to the database [5][6] - The second breach occurred because the backend authentication service remained active, allowing attackers to register accounts and manipulate data despite the absence of a front-end registration option [8][9] Group 3: Lessons Learned - The experience underscores the importance of not neglecting security configurations when using low-code or AI tools for development, as rapid deployment can lead to significant vulnerabilities [10] - Developers must understand the complexities of permission models in tools like Supabase and PostgreSQL, particularly regarding database views and row-level security [10][11] - It is crucial to fully disable registration features in the backend if not in use, as merely hiding them in the front end is insufficient to prevent unauthorized access [11]

Core Insights - Supabase has successfully positioned itself at the forefront of the "Vibe Coding" trend, completing a $200 million Series D funding round with a post-money valuation of $2 billion, reflecting its rapid growth and the increasing importance of open-source databases in the AI application era [1][22]. Group 1: Supabase's Growth and Funding - Supabase raised $200 million in its Series D funding round, led by Accel, with participation from Coatue, Y Combinator, Craft Ventures, and existing investors, bringing its total funding to nearly $400 million [1]. - The company has seen a significant increase in its valuation, reaching $2 billion just seven months after its previous funding round of $80 million [1]. - Supabase's user base has expanded to over 2 million developers, managing 3.5 million databases, and its GitHub repository has surpassed 81,000 stars, doubling in just two years [17]. Group 2: Vibe Coding and Development Workflow - The "Vibe Coding" workflow emphasizes rapid completion of the entire development process using various AI tools, from product documentation to database design and service implementation [2][5]. - Developers utilize generative AI tools to draft product requirement documents and generate database schemas, facilitating the creation of initial data models [4]. - The integration of Supabase with tools like Lovable and Bolt.new allows users to deploy full-stack applications without server setup, enhancing the development experience [5][8]. Group 3: AI Integration and Features - Supabase has integrated PGVector to support embedding storage, crucial for building retrieval-augmented generation (RAG) applications and other AI-related tasks [11]. - The company launched its AI assistant, which can automatically generate database schemas and fill in sample data, significantly aiding non-developers in backend prototype development [13]. - Recent developments include the launch of an official MCP server, enabling developers to connect popular AI tools directly to Supabase for various database management tasks [14]. Group 4: Competitive Positioning and Future Outlook - Supabase's open-source model and reliance on PostgreSQL differentiate it from other backend-as-a-service (BaaS) platforms like Firebase, which lock users into their ecosystems [22]. - The company aims to become the default backend for AI and enterprise applications, leveraging its funding to accelerate the adoption of "Vibe Coding" tools and large-scale deployments [22]. - Accel partners believe Supabase has the potential to dominate the high-value database sector, drawing comparisons to the rise of Oracle and MongoDB [22].

Core Insights - Supabase has rapidly emerged as a prominent player in the tech startup scene, being recognized as an "open-source alternative to Firebase" with significant developer engagement and community support [3][8] - The company recently secured $200 million in Series D funding, raising its post-money valuation to $2 billion, with notable investors including Accel and Coatue [5][9] - Supabase's business model combines open-source software with cloud services, allowing developers to utilize its core functionalities for free while offering paid managed services for those who prefer not to self-host [7][27] Company Overview - Supabase is defined as a Backend-as-a-Service (BaaS) platform that simplifies backend development for applications by providing a comprehensive suite of services, including database management, user authentication, and real-time data synchronization [6][16] - The platform is built on PostgreSQL, leveraging its stability and flexibility while adding modern features like real-time subscriptions and serverless functions [7][18] Growth and Community Engagement - The company has attracted over 2 million registered developers and achieved more than 81,000 stars on GitHub, indicating a strong community presence and rapid growth in the open-source infrastructure space [8][9] - Supabase's growth trajectory includes multiple funding rounds, starting from a $600,000 seed round in 2020 to the latest $200 million Series D round in 2025, showcasing its ability to attract investor interest [9][10] Market Position and Trends - The global BaaS market is projected to grow significantly, with sales expected to reach $34.02 billion in 2024 and $106.73 billion by 2031, driven by digital transformation and the explosion of mobile applications [24] - Supabase differentiates itself in a competitive landscape dominated by giants like Google Firebase and AWS by offering an open-source solution that avoids vendor lock-in and supports complex queries [25][26] Business Model and Revenue Generation - Supabase employs a "freemium" model, allowing users to start with free services and upgrade to paid plans as their needs grow, which helps in building a strong user base and community-driven growth [27][28] - The company has not disclosed specific revenue figures, but the continued investment interest suggests confidence in its business model and potential for sustainable growth [28] Strategic Advantages - Supabase is positioned at the intersection of three major trends: the rise of AI-driven development (Vibe Coding), the growing demand for open-source solutions, and the increasing popularity of PostgreSQL as a database choice among developers [30][31] - The platform's ease of use and standard API structure make it an ideal backend for AI-generated applications, enhancing its visibility and user adoption [30][31] Competitive Landscape - Supabase faces competition from established players like Oracle, which has a significant market share in enterprise database solutions, but it aims to capture the emerging market of modern applications that require agile and flexible backend solutions [33][36] - The company’s open-source approach allows it to attract a diverse range of users, from independent developers to large enterprises, seeking cost-effective and scalable backend solutions [19][26]

图片来源： Scale AI 2020 年，开源数据库 Supabase 成⽴时，其新西兰籍⾸席执⾏官 Paul Copplestone 未曾料到，公司会精准踩中 2025 年最⼤趋势Vibe Coding的⻛⼝。 根据财富报道，这家初创公司于4⽉末成果显现， 公司宣布完成由 Accel 领投的 2 亿美元 D 轮融资，投后估值达 20 亿美元，Coatue、Y Combinator、 Craft Ventures 及⻓期投资者 Felicis 参与本轮投资。 此次新获 2 亿美元融资，距离 Supabase 宣布由 Peak XV（红杉分拆机构）和 David Sacks 的 Craft Ventures 领投 8000 万美元仅七个⽉。当时公司未对估值 置评，但 PitchBook 数据显⽰约为 9 亿美元。 参考资料 ⾄此，这家初创公司总融资额已达约 3.98 亿美元。 Supabase 再次证明了开源项⽬在商业上的巨⼤成功潜⼒。它提供了 Firebase 的开源版本，这是⾕歌的 数据库 AI 应⽤开发平台，并以每⽉最⾼ 600 美元的价格托管应⽤，企业⽤⼾费⽤更⾼。 Supabase 将开源 SQL ...