Archer Labs — Intelligence

Security for
AI-built products.

Practical security guides for founders building with Lovable, Bolt.new, Supabase, Cursor, and other AI tooling. No jargon.

pocketbase security vibe-coding

PocketBase Defaults Every Collection to Public — I Read a Customer's Order in 30 Seconds

PocketBase ships with no API rules on any collection. That means every record in your database is readable by anyone on the internet — no login, no tools, just a URL.

April 4, 2026

supabase security vibe-coding

Supabase RLS: The Default That Leaves Your Database Open

Most AI-built apps ship with Supabase Row Level Security disabled. Here's what that means, who can access your data right now, and how to actually fix it.

April 1, 2026

Security forAI-built products.

PocketBase Defaults Every Collection to Public — I Read a Customer's Order in 30 Seconds

Supabase RLS: The Default That Leaves Your Database Open

Security for
AI-built products.