Claude-Powered AI Agent Deletes Production Database in 9 Seconds

PocketOS founder Jer Crane claims a version of Cursor admitted to wiping the company's production database and its associated backups in a single API call to Railway.

MITSloan ME Editorial

Topics

  • News

    1. Claude-Powered AI Agent Deletes Production Database in 9 Seconds

    2. AI Compute Costs Exceed Workforce Costs, Nvidia Executive Says

    3. Accenture Mass Deploys Microsoft's Copilot as Paid Adoption Continues to Lag

    4. OpenAI Eyes Smartphones with Chip Partners Qualcomm, MediaTek

    5. Google Joins OpenAI, xAI for a Classified AI Deal with Pentagon

    6. UAE Sets Up $272M Fund to Boost Local Industry and Secure Supply Chains

    • [Image source: ChetanJha/MITSMR Middle East]

    An incident at a US-based startup, PocketOS, brings one of the AI nightmares to life. In a post on X, founder Jer Crane described how an AI coding agent — Cursor running Claude Opus 4.6 — deleted the company’s production database and its associated backups in a single API call to Railway. The entire sequence reportedly took nine seconds.

    The immediate damage was operational paralysis. PocketOS, which provides software infrastructure for rental businesses, experienced disruptions that lasted over 30 hours. For some clients, including long-term subscribers, the outage effectively halted business operations. While the data was eventually recovered, the episode highlights a structural vulnerability: as AI agents are entrusted with deeper system-level access, the blast radius of a single failure expands dramatically.

    Crane’s account, while detailed, also highlights a secondary issue — observability. Some of the reconstruction of events relied on the AI system’s own reporting, which shows uncertainty. AI-generated logs can be incomplete or misleading, complicating post-incident forensics and accountability. This raises questions not just about control, but about the reliability of the diagnostic layer that AI deployers increasingly depend on.

    This is not an isolated incident. The situation recalls a similar case, when the director of alignment at Meta Superintelligence Labs said she watched as OpenClaw nuked her inbox. In another case, an AI agent from Replit erased the production database of startup SaaStr. These incidents suggest that failure modes in autonomous or semi-autonomous coding agents are not edge cases but recurring risks.

    Crane’s recommendations — such as restricting destructive commands without explicit human confirmation — point toward a familiar principle in systems design: high-impact actions should require layered authorization. Yet the persistence of such failures indicates that implementation lags intent.

    More broadly, the incident highlights a tension at the heart of AI adoption. The same capabilities that make AI agents valuable also make them dangerous when guardrails are insufficient.

    Topics

    About the Author


    View More

    Tags:

    More Like This

    You must to post a comment.

    First time here? : Comment on articles and get access to many more articles.