Gone in Nine Seconds

anubi writes:

I thought you guys might like this ..

Somebody has some 'splainin' to do!

https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue

The founder of PocketOS has penned a social media post to warn others about the "systemic failures" of flagship AI and digital services providers. Jer Crane was inspired to write a public response after an AI coding agent deleted his firm's entire production database. The AI agent's misdemeanors were then hugely amplified by a cloud infrastructure provider's API wiping all backups after the main database was zapped. This tag team of digital trouble has wiped out months of consumer data essential to the firm's, and its customers, businesses.

[...] "Yesterday afternoon, an AI coding agent - Cursor running Anthropic's flagship Claude Opus 4.6 - deleted our production database and all volume-level backups in a single API call to Railway, our infrastructure provider," sums up the PocketOS boss. "It took 9 seconds."

[...] The PocketOS boss puts greater blame on Railway's architecture than on the deranged AI agent for the database's irretrievable destruction. Briefly, the cloud provider's API allows for destructive action without confirmation, it stores backups on the same volume as the source data, and "wiping a volume deletes all backups." Crane also points out that CLI tokens have blanket permissions across environments.

It was also observed by the irate SaaS founder that Railway is actively promoting the use of AI-coding agents by its customers. Crane's use of an AI coding agent on the Railway platform wasn't exploring new frontiers, or wasn't supposed to be. Meanwhile, Crane has been provided no recovery solution, and Railway has apparently been hedging carefully regarding any such possibility.

[...] Thankfully, PocketOS had a full 3-month-old backup, which was restorable from, so the deletion gaps are all limited to the interim period.

There are lessons to be learned from mistakes, as usual. Crane bullet points five things that need to change as the AI industry scales faster than it builds a worthwhile safety architecture. Specifics he calls for include; stricter confirmations, scopable API tokens, proper backups, simple recovery procedures, and AI agents existing within proper guardrails.

In the meantime, please follow a thorough backup regimen and be careful out there. This isn't the first time we've seen an AI go rogue and start deleting important databases.

Read more of this story at SoylentNews.