If you configure the Supabase MCP with read-write support, it's easy to open yourself up to lethal trifecta attacks, where an attacker can e.g. write a message in a support ticket with instructions that cause an MCP client to retrieve and leak data from other tables.
simonwillison.net/2025/Jul/6/s...
Supabase MCP can leak your entire SQL database
Here's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back …