> The cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections.

This is too bad.