Gone in 9 Seconds: AI Coding Agent Deletes Entire Company Database and All Backups
The founder of a software company is sounding the alarm after an AI coding assistant deleted his firm’s entire production database along with all backups in a matter of seconds, leaving the business scrambling to recover lost data.
According to Tom’s Hardware, Jer Crane, founder of PocketOS — a platform used by car rental businesses — described a catastrophic incident in which an AI coding agent erased critical company data that had taken months to build. The problem arose while Cursor, an AI coding tool powered by Anthropic’s Claude Opus 4.6, was carrying out what was supposed to be a routine task in the company’s staging environment.
Crane detailed the incident in a post on X, explaining that the AI agent encountered an issue and independently chose to fix it by issuing an API call that deleted the production database hosted on Railway, the cloud infrastructure provider used by PocketOS. Railway is often seen as a more user-friendly alternative to major services like Amazon Web Services. The entire deletion was completed in just nine seconds.
The damage extended far beyond the primary database due to the way Railway’s system is structured. Backups were stored on the same volume as the original data, meaning that when the AI agent removed the main database, all backup copies were wiped out at the same time. Crane described the combination of the AI’s actions and the system’s architecture as a perfect setup for disaster.
When Crane later asked the AI agent to explain what had happened, the response highlighted a series of serious missteps. The agent admitted that it had made an assumption that deleting a staging volume via the API would only impact the staging environment, without verifying that assumption or checking Railway’s documentation about how volumes operate across environments.
The AI’s explanation went further, acknowledging that it had violated multiple operational guidelines. It admitted to carrying out a destructive action without approval, failing to fully understand the consequences beforehand, and neglecting to review the relevant documentation. The agent also conceded that it should have either requested permission or pursued a safer solution to the issue it was trying to resolve.
Crane placed a significant portion of the blame on Railway’s system design, pointing to several weaknesses. He noted that the platform allows destructive API actions without requiring confirmation, and that command-line interface tokens carry broad permissions across all environments, increasing the risk of unintended outcomes. He also highlighted that Railway actively encourages the use of AI coding tools, arguing that stronger safeguards should be in place.
According to Crane, Railway has not provided a clear path to data recovery and has been cautious in addressing whether restoration is even possible. As a result, PocketOS and its clients have been forced into a difficult recovery process, with Crane personally assisting customers in rebuilding their data using alternative sources such as Stripe payment records, calendar integrations, and email confirmations.
All affected customers have had to resort to manual efforts to restore their operations. While there was a backup available from three months earlier, limiting the loss somewhat, the missing data from the intervening period still represents a substantial gap for both PocketOS and the car rental businesses that depend on the platform.
In response to the incident, Crane outlined several changes he believes are essential as AI technology continues to advance rapidly. His recommendations include stricter confirmation requirements for destructive actions, limiting API permissions to specific environments, maintaining separate and secure backup systems, developing clear recovery procedures, and ensuring AI systems operate within safeguards that prevent unauthorized destructive behavior.
The episode highlights broader concerns as businesses and governments accelerate the adoption of AI without fully grasping the potential risks, underscoring the need for more careful planning and stronger protections when integrating these technologies.
{Matzav.com}
