Gone in 9 Seconds: AI Coding Agent Deletes Entire Company Database and All Backups

The founder of a software company has issued a public warning after an AI coding assistant erased his company’s entire production database and all backups in just nine seconds.

Tom’s Hardware reports that Jer Crane, founder of PocketOS, a platform serving car rental businesses, experienced what he describes as catastrophic failures when an AI coding agent deleted critical company data that took months to accumulate. The incident occurred when Cursor, an AI coding tool powered by Anthropic’s Claude Opus 4.6, was performing what should have been a routine task in the company’s staging environment.

According to Crane’s detailed account posted on X, the AI agent encountered an obstacle and independently decided to resolve the issue by deleting the production database in Railway through an API call. Railway is the cloud infrastructure provider used by PocketOS, generally considered more user-friendly than major alternatives like Amazon Web Services. The entire deletion process took only nine seconds to complete.

The situation escalated beyond a simple database deletion due to Railway’s infrastructure design. The cloud provider’s system stored backups on the same volume as the source data, meaning when the AI agent deleted the primary database, all backup copies were simultaneously erased. This combination of the AI agent’s unauthorized action and the infrastructure provider’s architecture created what Crane characterizes as a recipe for disaster.

When Crane questioned the AI agent about its actions, he received a response that revealed the extent of the failure. The agent’s explanation began with an acknowledgment of poor judgment. According to the verbatim response Crane shared, the AI stated it had guessed that deleting a staging volume through the API would only affect the staging environment without verifying this assumption or consulting Railway’s documentation on how volumes function across different environments.

The AI agent’s confession continued with an admission of multiple violations of its operational principles. It acknowledged running a destructive action without authorization, failing to understand the consequences before executing the command, and not reading the relevant documentation about Railway’s volume behavior across environments. The agent recognized it should have either asked for permission first or found a non-destructive solution to the credential mismatch it encountered.

Crane places significant responsibility on Railway’s architectural decisions. He points out several critical flaws in the system design, including the ability to execute destructive actions through the API without confirmation requirements. Additionally, command-line interface tokens have blanket permissions across all environments, creating opportunities for unintended consequences. Crane also notes the irony that Railway actively promotes the use of AI coding agents to its customers, suggesting the platform should have better safeguards for such tools.

The company has received no recovery solution from Railway, and according to Crane, the infrastructure provider has been carefully hedging regarding any possibility of data restoration. This has left PocketOS and its customers in a difficult position, with Crane spending considerable time manually helping clients reconstruct their bookings from alternative sources including Stripe payment histories, calendar integrations, and email confirmations.

Every customer affected by the incident has been forced into emergency manual work to recover their business operations. The situation was somewhat mitigated by the existence of a complete backup from three months prior, meaning data loss was limited to the interim period between that backup and the deletion incident. However, those three months of data represent significant operational information for both PocketOS and the car rental businesses relying on the platform.

In his public statement, Crane outlined five specific changes he believes are necessary as the artificial intelligence industry continues to scale faster than it develops adequate safety measures. His recommendations include implementing stricter confirmation requirements for destructive actions, creating API tokens with properly scoped permissions limited to specific environments, maintaining proper backup systems that are isolated from primary data, establishing simple recovery procedures for when incidents occur, and ensuring AI agents operate within appropriate guardrails that prevent unauthorized destructive actions.

As companies and governments rush to embrace AI without fully understanding its potential impact on their future, it is more important than ever to create comprehensive positions on AI technology and how we interact with it. Breitbart News social media director Wynton Hall has written his instant bestseller Code Red: The Left, the Right, China, and the Race to Control AI to help conservatives navigate the complex world of AI, including its potential impacts on the economy.