Just changed the link! Thanks for the feedback
See the linked video. The original blog post is https://www.generalanalysis.com/blog/supabase-mcp-blog
My background: researcher in AI security.
This recent study demonstrates how a common AI-assisted developer setup can be exploited with prompt injection to leak private info. Practically speaking, AI coding tools are almost certainly going to stay, and the setup described in the study (Cursor + MCP tools with dev permissions) is probably used by millions as of today. The concept of prompt injection is not new. Yet, it's interesting to see such a common software dev setup being so fragile. The software dev scenario is one of those use cases that depend on the LLMs knowing which parts of the text are instructions and which parts are data. I think it's necessary... (read more)
Just changed it!