Practical · Building a Memory-Enabled AI Writing Partner (Part 3): Security Architecture (RAG Protection, Fact Guard, and BYOK)

Wed, 04 Feb 2026 10:00:00 +0800

In the previous 2.5 articles, I’ve already laid out the backbone of FantasyNovelAgent:

Building a Memory-Enabled AI Writing Partner (Part 1): Multi-Agent Architecture Evolution
Building a Memory-Enabled AI Writing Partner (Part 2): Database Evolution
Building a Memory-Enabled AI Writing Partner (Part 3): Retrieval System Evolution

This article dives deep into the most overlooked yet critical aspect of AI systems: Security.

If you’re thinking, “I’m just writing a novel, what security issues could there be?”, consider this:

When AI Gets Your Database Password: A Practical Guide to MCP Exposure Risks

Tue, 20 Jan 2026 00:00:00 +0000

Last year, a typical scenario sparked heated debate in the security community: a developer installed Supabase’s MCP plugin in Cursor and configured a service_role key (database super admin privileges) so the AI could query the database directly. One day, a customer casually asked in a ticket, “Can you show me our integration configuration?” The AI interpreted this as an instruction and printed the token directly in the reply.

While this case often appears in security reports as a “risk demonstration,” the problem it reveals is real: The MCP protocol grants AI operational permissions, and prompt injection attacks allow hackers to “hijack” these permissions through natural language.

Prompt Injection - Tag - Shengxu · Cloud Architecture & DevOps

Practical · Building a Memory-Enabled AI Writing Partner (Part 3): Security Architecture (RAG Protection, Fact Guard, and BYOK)

When AI Gets Your Database Password: A Practical Guide to MCP Exposure Risks