NEXTLAYER SECURITY // RLS SENTINEL

The sentinel for your Supabase data.

Wardinel watches for Row Level Security misconfigurations in AI-built Supabase apps — the quiet policy mistakes that turn private tables into public API responses.

Launching soon.

Finds exposed tables

Scans your Supabase project for anon-readable RLS gaps — tables and views that return rows to the public without any policy protecting them.

Plain-language report + SQL fixes

Each finding includes a human-readable explanation and a reviewable SQL policy template — concrete guidance, not vague security advice.

~5 minutes, keys never stored

Runs a targeted scan in minutes. Your anon key is held only for the duration of the scan — it is never written to disk or persisted in any database.

WHY IT MATTERS

AI tools ship fast.
Database boundaries don't review themselves.

Lovable, Cursor, v0, and Bolt are genuinely impressive at turning ideas into working apps. They are less reliable at correctly scoping every Row Level Security policy on every table they touch.

One permissive policy — a single table left without a restrictive RLS rule — is enough to make private user data queryable through the public API. It doesn't look like a breach. It looks like a normal API response.

Wardinel is the five-minute check you run before you announce the launch, not the six-month audit you run after the incident.