IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
International Women’s Day
392 opinions Read now

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Secure sf datacenter shield racks with postgres elephant emblem
#
Virtualisation
#
DevOps
#
Cloud Security

Constructive unveils secure-by-default Postgres platform

Sat, 7th Feb 2026
Author image
By Shannon Williams, News Editor

Constructive has launched a secure-by-default Postgres platform that applies Row-Level Security policies when tables are created, rather than relying on later application-side configuration.

The San Francisco company is targeting teams building back-end systems with AI-assisted tooling, where schema changes and database permissions can be generated faster than developers can review them. It aims to enforce permissions and correctness at the database layer before application code runs.

The launch follows growth in the firm's open-source developer tooling, which has passed 100 million downloads on npm. That software includes SQL parsers, migration systems, and introspection tools used in Postgres development workflows.

Postgres focus

Postgres adoption continues to grow across web and enterprise software, and it has become a common default for new applications. Constructive argues that this momentum, combined with AI-assisted development, increases the risk of misconfigured database permissions.

In the core workflow, teams choose an access model and a compiler generates tables with policies applied at creation time. This embeds access rules in the database structure from the outset and reduces the need for manual Row-Level Security configuration later.

The platform also includes a migration approach designed to produce deterministic outputs when schemas change, making security guarantees reproducible and verifiable across environments.

Another element is Row-Level Security validation in CI/CD pipelines. This is intended to make authorisation logic testable in automated checks, instead of leaving it as an opaque set of database rules reviewed intermittently.

Execution layer

The platform includes a serverless execution layer that runs functions alongside the database. Functions written in TypeScript, Python, Rust, C, or Docker-composed runtimes inherit the same database-enforced permission model.

Constructive is pitching the model as a way to keep access controls consistent across services and collaborators. It also extends to AI agents that may run tasks against production data with limited oversight.

The approach relies on tooling below the application layer that works with abstract syntax trees, which represent code structure. Constructive says this makes it possible to derive security rules deterministically and apply them across databases and related interfaces.

"We trusted software when it moved at human speed-slow enough for developers to inspect every line," said Dan Lynch, founder and CEO of Constructive.

AI-assisted development changes the economics of review and testing, Lynch said. "AI makes that model obsolete. When human review becomes the bottleneck, security can't be an afterthought-it has to be baked into the architecture."

Ecosystem links

Constructive says its parsing technology is used by Postgres-related platforms including Supabase, Neon, and Gel Data. Neon has been acquired by Databricks, while Gel Data has been acquired by Vercel.

It also says its security compiler transforms schemas into secure configurations at compile time, and referenced provisional patent filings related to the compiler.

Constructive argues that database-level access control failures often stem from misconfiguration rather than exploits of underlying database engines. Applying security rules during table creation changes the failure mode, because policies are no longer an optional step added after a schema is already in use.

Background and scale

Lynch has worked with Row-Level Security for around a decade, according to the company. Before Constructive, he founded Brandcast, which was backed by Marc Benioff and later acquired by TIME. Brandcast served enterprise customers including General Electric.

Constructive says its open-source tools run in production across more than 10 million databases, including deployments at Supabase and Databricks. It also says downloads of its tooling have tripled over the past 18 months, from 32 million to more than 100 million.

The platform is available in commercial private beta, with early access aimed at enterprise teams.

Related stories
NZ faces legal and sovereignty risks as EU AI rules take effect - experts
Xero unveils 'Accountable Intelligence' for AI in finance
From 398 to 200 Days: Understanding the TLS Certificate Lifespan Reduction
The new world of GEO - are you ready?
SailPoint & AWS ally on AI agent identity governance

Top stories

Spoofed AI agents flood websites, straining defences
Amazon leads concentrated global hyperscale market
NCS links agentic AI to NVIDIA stack for sovereign use
Okta unveils security blueprint for enterprise AI agents
Dell debuts Premium 14 & 16 laptops with Intel AI chips