Runtime Defense Against Prompt Injection in Supabase MCP
TL;DR:
A recent "Supabase MCP server vulnerability" showed how an attacker could plant a prompt inside a support ticket to trick an AI agent into leaking secret API tokens from a private database. I built a working defense for it using Tansive — an open-source AI agent and tool runtime. This post walks through the implementation followed by a replay of the attack vector to show the system blocks it along with audit trails. As MCP and AI tool integrations grow, these risks (and solutions) have assumed significance.
