Building & Product

How do I keep customer data safe in an AI-built internal tool?

The short answer

The single biggest failure in AI-built tools is a database with no row-level security: one scan found 170 of 1,645 Lovable apps leaking names, emails, and financial records because the AI generated the tables but never configured access rules. Turn on RLS for every Supabase table, keep API keys server-side (never in the browser), and put the tool behind a real login even if it is 'just internal'. Then run one adversarial pass, asking the AI itself or a scanner to attack what it built, before any customer data goes in.

A quick orientation. The real value is below: resources worth your time, from people who've actually done it.

18 resources worth your time

More in Databases & Internal Tools