The #1 security vulnerability according to the latest OWASP Top 10.

Added: 2026-05-26

[00:00:00]The number one security vulnerability, according to the latest OWASP Top 10, broken access control. It's when a logged in user can access data or perform actions they're not supposed to.

[00:00:08]And it actually makes up 35% of what we find in Kaskada. So, here are three ways to prevent it. First, deny by default.

[00:00:13]Unless something's meant to be public, the default answer should always be no.

[00:00:16]This is the number one issue we find with people using Superbase. Second, introduce access checks once and implement them everywhere. Don't like randomly sprinkle in custom logic into every single endpoint. Third, enforce record ownership at the data model level. The system should know who owns what and not just randomly trust that a user is asking for the right thing.

[00:00:33]Where do you see this very commonly with agents having over-privileged access to user data. If you want a more in-depth breakdown, comment block and I'll send it to you.