I don't want to sound promotional but this is the space we are living and breathing everyday at VeilStream.com so I do have some opinions. My suggestion to anyone using any type of AI (whether it be an AI coding tool like Cursor, an end-to-end AI application development tool like Lovable, or an additional agent anywhere in the process,) is to never allow access to your production database until you have done a very thorough security review (which would include testing for this type of vulnerability.) Our proxy server can sit in front of a database to filter/anonymize data so that you can do full end-to-end development and testing with no risk of data leakage and without needing to make any changes to the underlying database.