Supabase vs Dust
Side-by-side trajectory, velocity, and editorial themes.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
Dust is widening the agent-platform surface: multimodal tools, enterprise audit, model breadth.
Dust is shipping at a fast clip on three fronts that together define a serious agent platform: model breadth (Gemini 3.5 Flash, Grok 4.3, refreshed Anthropic lineup), agent capability (MCP tools can now return images the agent can actually see, plus context compaction for long runs), and enterprise readiness (workspace audit logs streamable to Datadog, Splunk, or any HTTPS sink). Integrations are getting versioned upgrades on the side (Asana MCP v2, Gmail labels and archive). The product is moving from 'chat with an agent' toward 'run agents in production with observability and multimodal I/O.'
Two clear directions: deeper enterprise GTM via SIEM-grade audit, and a more capable agent runtime that can see, remember, and act inside third-party SaaS. The MCP-image release in particular treats Model Context Protocol as a real I/O surface rather than a text-only RPC, which is where the broader MCP ecosystem is heading. Frequent model rotations suggest Dust is positioning as model-agnostic infrastructure rather than locking into one provider.
Next moves likely lean into the same arc: more MCP integrations with action verbs (write/delete/transition states), expanded multimodal returns (audio, structured documents), and finer-grained admin controls layered on top of the audit foundation - tool-usage policies, per-agent egress rules, or approval workflows.
See more alternatives to Supabase →
See more alternatives to Dust →