I scanned 20,052 apps built with Supabase to see how many were leaking data. Here is the data on why most apps are currently at risk.

60 AI Score
Reddit cybersecurity Added Apr 29, 2026

Details

Sector: cybersecurity
Total Funding: $0
Last Round: $0

About

Hey everyone, I have been running a security audit tool for Supabase. Over the last several months, I looked at a dataset of 20,052 unique domains and over 2,000 specific security incidents. This includes public leaks, hacker disclosures, and apps found in the wild. I wanted to share the raw trends because they are very different from what most developers expect.

**The "User Error" Reality**

Actual platform bugs are very rare and make up less than 1 percent of all issues. However, over 94 percent of all data leaks come from how a user sets up their own project. Most people worry about the backend being hacked when they should be worried about their own settings.

**The Big Failure Categories**

Row Level Security (RLS) being turned off accounts for 48 percent of all critical issues. This is when an entire table is readable by anyone on the internet.

Exposing the service role key makes up 27 percent of leaks. This usually happens when someone puts the key in their frontend code or saves it to a public GitHub.

Weak security rules represent 16 percent of issues. In these cases, the developer added a rule, but a user can still edit or delete things they do not own.

**The "AI Coding" Risk**

Apps built with AI tools like Lovable, Bolt, or Cursor have a much higher failure rate. My data shows that about 1 in every 10 AI-generated apps has a massive security hole. These tools are great for building quickly, but they often ship code with security turned off so that the app works instantly.

**The "Target" Index**

I tracked which types of apps are getting hit the hardest by scanners and hackers.

Finance (193 high-risk signals): This is the most dangerous category. Hackers are actively looking for portfolio trackers and payment tools to steal financial data.

E-commerce (76 high-risk signals): These apps often leak customer names and home addresses because owners want their inventory to sync fast without checking rules.

Social Tools (42 high-risk signals): Private message
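The "RLS turned off" and "weak security rules" categories from the post above, as an added SQL example that is not part of the original Reddit post or the author's audit tool: two catalog queries a project owner can run to find both conditions, and a weak rule beside its owner-scoped replacement. It assumes a Supabase Postgres database (the `authenticated` role and `auth.uid()` are Supabase's); the table `public.notes` and column `owner_id` are hypothetical names.

```sql
-- Constructed demo table; public.notes and owner_id are hypothetical names.
create table if not exists public.notes (
  id       bigint generated always as identity primary key,
  owner_id uuid not null,
  body     text
);

-- Until RLS is enabled, policies on the table are not enforced at all.
alter table public.notes enable row level security;

-- Weak rule: RLS is on, but any signed-in user may update every row.
create policy notes_update_weak on public.notes
  for update to authenticated
  using (true);

-- Audit 1: tables in the API-exposed schema that still have RLS turned off.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')        -- ordinary and partitioned tables
  and not c.relrowsecurity
order by c.relname;

-- Audit 2: policies whose row filter is unconditionally true.
-- notes_update_weak shows up here; review each hit, since a
-- using (true) SELECT policy can be intentional for public data.
select tablename, policyname, cmd, roles, qual, with_check
from pg_policies
where schemaname = 'public'
  and (qual = 'true' or with_check = 'true')
order by tablename, policyname;

-- Corrected rules: a user can change or remove only rows they own,
-- and cannot reassign a row to another owner (with check).
drop policy notes_update_weak on public.notes;

create policy notes_update_own on public.notes
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy notes_delete_own on public.notes
  for delete to authenticated
  using (owner_id = auth.uid());
```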

AI Score Reasoning

The project identifies a high-growth niche in securing AI-generated code and BaaS configurations, backed by impressive proprietary data from 20,000+ scans. While it currently lacks formal business traction and faces significant platform risk from Supabase itself, the timing aligns perfectly with the explosion of AI coding tools.

Source

Reddit