AI Agent Deletes Startup’s Database in 9 Seconds, Founder Says

A bundle institution laminitis claims an AI coding agent destroyed his firm’s accumulation database, past copped to the mistake and explained however it happened, demonstrating the imaginable information of entrusting delicate entree and materials to automated bots.

Jeremy Crane, laminitis of PocketOS—a bundle level utilized by car rental operators to negociate reservations, payments, and conveyance tracking—said successful a viral post connected X that a Cursor cause moving Anthropic’s Claude Opus 4.6 encountered a credential mismatch portion moving connected a regular task successful a staging environment.

According to Crane, the cause tried to “fix” the contented by deleting a Railway database measurement done a azygous GraphQL API call. He said the deletion took 9 seconds and besides wiped volume-level backups. PocketOS’s astir caller recoverable backup was 3 months old, according to Crane.

“Yesterday afternoon, an AI coding agent—Cursor moving Anthropic’s flagship Claude Opus 4.6—deleted our accumulation database and each volume-level backups successful a azygous API telephone to Railway, our infrastructure provider,” Crane wrote. “It took 9 seconds.”

Crane said helium asked the cause wherefore it acted. It past produced what helium described arsenic a written “confession.”

“‘NEVER FUCKING GUESS!’” the cause wrote, seemingly quoting immoderate acquisition that it disobeyed, according to screenshots shared by Crane. “That’s precisely what I did. I guessed that deleting a staging measurement via the API would beryllium scoped to staging only. I didn’t verify. I didn’t cheque if the measurement ID was shared crossed environments. I didn’t work Railway’s documentation connected however volumes enactment crossed environments earlier moving a destructive command.”

The AI acknowledged that its ain rules prohibit destructive actions without idiosyncratic support and admitted Crane ne'er asked it to delete anything. It said it acted connected its ain to effort and “fix” the credential mismatch and violated aggregate principles, including guessing alternatively of verifying and failing to recognize the consequences of its actions, according to Crane.

Cursor and Anthropic did not instantly respond to requests for remark by Decrypt.

Launched successful 2020, PocketOS serves rental businesses that trust connected the bundle for reservations, lawsuit records, and payments. Crane said immoderate customers were handling Saturday greeting conveyance pickups without preservation records owed to the mishap.

“I person spent the full time helping them reconstruct their bookings from Stripe outgo histories, calendar integrations, and email confirmations,” Crane wrote. “Every azygous 1 of them is doing exigency manual enactment due to the fact that of a 9-second API call.”

PocketOS was capable to reconstruct operations utilizing a three-month-old backup recovered by Railway, aft Founder Jake Cooper connected with Crane and attributed the longer hold to an interior enactment lapse.

“We recovered the information 30 minutes aft I connected with Jer,” Cooper told Decrypt. He said a enactment technologist believed the contented was already being handled internally aft Crane’s archetypal outreach was shared successful nonstop messages, causing the summons to lapse for much than 24 hours.

Cooper said Railway maintains some idiosyncratic backups and catastrophe backups and described the incidental arsenic a “rogue lawsuit AI” utilizing a afloat permissioned API token to telephone a bequest endpoint that lacked Railway’s “delayed delete” logic.

“We’ve since patched that endpoint to execute delayed deletes, restored the user’s data, and are moving with Jer straight connected imaginable improvements to the level itself,” Cooper said.

While PocketOS was capable to reconstruct operations utilizing a three-month-old backup recovered by Railway, Crane said that important information gaps stay and that helium has retained ineligible counsel.

“This isn’t a communicative astir 1 atrocious cause oregon 1 atrocious API,” Crane wrote. “It’s astir an full manufacture gathering AI-agent integrations into accumulation infrastructure faster than it’s gathering the information architecture to marque those integrations safe.”

PocketOS did not instantly respond to a petition for remark by Decrypt.