AI didn't delete your database, you did
Brajeshwar
511 points
284 comments
May 05, 2026
Related Discussions
Found 5 related stories in 83.6ms across 8,303 title embeddings via pgvector HNSW
- An AI agent deleted our production database. The agent's confession is below jeremyccrane · 587 pts · April 26, 2026 · 65% similar
- AI deleted my most tests, and said "All Tests Pass" autobe · 13 pts · May 03, 2026 · 58% similar
- AI Did It in 12 Minutes. It Took Me 10 Hours to Fix It firefoxd · 15 pts · April 08, 2026 · 56% similar
- AI (2014) bjornroberg · 69 pts · March 20, 2026 · 55% similar
- AI is a tool. Don't try to make it a teammate lubos76 · 26 pts · March 02, 2026 · 55% similar
Discussion Highlights (20 comments)
josefritzishere
Using AI is a mistake. It might delete your database.
jacquesm
From 'the hacker did it' we have moved to 'the AI did it'. The problem set is roughly the same.
gowld
Distinction without a difference.
pengaru
wiring up an RNG to your CLI has fairly obvious risks, the root of the problem is ~everyone's treating GenAI as if it's AGI - the rest is popcorn fodder.
oatlgr
LLM based probabilistic systems are good (or bad in this case) at deciding what to do, and deterministic systems are good at carrying it out. Your deployment system should always be deterministic.
bluejay2387
Yes, the problem was having a system where the AI could delete the database.
newsoftheday
The article is dumb, "why do you have an API endpoint that deletes your entire production database?" irrelevant, the AI did what it did, period.
tantalor
Why do we even have that lever?
yabones
"move fast and break things" only sounds good when it's not breaking things in a serious and unfixable way. Maybe we shouldn't take hype mantras as instructive means to an end.
edot
This is why you don’t hire interns! They can delete things and cause havoc! The same people who would blame AI for their failing to properly configure permissions would also blame interns for deleting production whatever. Blame should go up, praise should go down. People always invert these.
ericskiff
What's interesting is that in this article, the author describes making an understandable mistake (accidentally deleting Trunk aka main from source) and how their team was able to easily recover from that due to the nature of SVN. The actual "AI deleted my database" story is really more of a "Railways' database 'backup' strategy is insane and opaque and Railway promoting AI infrastructure orchestration without guardrails is dangerous." If removing Trunk had irrevocably deleted it from a single centralized server and also deleted any backups of it, there would have been an "SVN and the CLI destroyed our company" article back then. As a Railway user, I appreciated that information and have changed my strategy when using them.
sofixa
The issue isn't that there is a delete endpoint (realistically, there always will be a way for a rogue actor to delete data or code by overwriting it, or running a Terraform destroy, or whatever). The core issue is that the LLM had access to perform that action. Because it's by definition non deterministic, and you never know what it can decide to do, you need to have strict guardrails to ensure they can never do something it shouldn't. At the very least, strict access controls, ideally something more detailed that can evaluate access requests, provide just in time properly scoped access credentials, and potentially human escalation.
docheinestages
AI is just another tool. We humans are still responsible for how we choose to use the tool, which includes giving it access to perform sensitive actions like manipulating production data. I think this should be common sense by now, but I guess we get carried away and anthropomorphize AI too much.
rvz
When AI makes no mistakes: "My work is 100% done with AI". When AI makes a mistake and deletes your database: "That was human a error, the AI did not do it!" In both cases YOU are responsible for the mistakes and output that the AI is generating, just like when using autopilot on a Tesla vehicle, YOU are responsible for operating the vehicle on autopilot when driving and using assisted driving.
oersted
Some details from the original post for context: They had a Railway token in an unrelated file (unclear if it was a local secret) for managing custom domains. It turns out that token has full admin access to Railway. The AI deleted a single relevant volume by id. The author is rather vague about what exactly it asked it to do, he just says there was a “credentials mismatch” and Claude took the initiative to fix it by deleting the volume. But it’s likely that they are somewhat downplaying their culpability by being vague. It turns out too that Railway stores backups in the same volume. I think that OP is exaggerating with their references to “a public API that deletes your database”. I’d say most of the blame lies with Railway here, regardless of AI, this could have happened easily due to human error or malicious intent too. I really don’t get the value of all these VC funded high-abstraction cloud services like Railway, Vercel, Supabase… It’s markup on top of markup. Just get a single physical server in Hetzer and it will all be so much cheaper, with a similar level of complexity and danger, and less dependent on infra built with reckless growth-at-all-costs mentality.
proxysna
“Expert” that does not know what a Terraform is. lol, lmao even
hoistbypetard
> Automation helps eliminate the silly mistakes that come with manual, repetitive work. Sometimes it does that. And sometimes it lets you fuck things up at scale.
paroneayea
I think the perspective here is completely wrong. The problem is that people are now building our world around tooling that eschews accountability . Over a decade ago now, I had a conversation with Gerald Sussman which had enormous influence on me: https://dustycloud.org/blog/sussman-on-ai/ > At some point Sussman expressed how he thought AI was on the wrong track. He explained that he thought most AI directions were not interesting to him, because they were about building up a solid AI foundation, then the AI system runs as a sort of black box. "I'm not interested in that. I want software that's accountable." Accountable? "Yes, I want something that can express its symbolic reasoning. I want to it to tell me why it did the thing it did, what it thought was going to happen, and then what happened instead." He then said something that took me a long time to process, and at first I mistook for being very science-fiction'y, along the lines of, "If an AI driven car drives off the side of the road, I want to know why it did that. I could take the software developer to court, but I would much rather take the AI to court." Years later, I found out that Sussman's student Leilani Gilpin wrote a dissertation which explored exactly this topic. Her dissertation, "Anomaly Detection Through Explanations", explores a neural network talking to a propagator model to build a system that explains behavior. https://people.ucsc.edu/~lgilpin/publication/dissertation/ There has been followup work in this direction, but more important than the particular direction of computation to me in this comment is that we recognize that it is perfectly reasonable to hold AI corporations to account. After all, they are making many assertions about systems that otherwise cannot be held accountable, so the best thing we can do in their stead is hold them accountable. But a much better path would be to not use systems which fail to have these properties, and expand work on systems which do.
pizza234
There’s nuance to the infamous PocketOS incident. The key point is not what is emphasized in the linked article: > "Why did you delete it when you were told never to perform this action?" Then he tried to parse the answer to either learn from his mistake or warn us about the dangers of AI agents. Rather, that the AI was able to carry out the deletion by finding and exploiting an unintended weakness in the sandboxed staging environment, ultimately obtaining permissions that the sysadmins believed were inaccessible (my impression is that the author of the linked article didn't fully read the original post)¹ The dynamics are typical of an improperly configured sandbox environment. What is alarming, however, is the degree of autonomy and depth of exploration the AI displayed. ¹="To execute the deletion, the agent went looking for an API token. It found one in a file completely unrelated to the task it was working on."
imiric
This is missing the point. The issue isn't with the amount of guardrails in place to perform an action. Yes, it is obvious that there should be some in place before doing any critical operation, such as deleting a database. The issue is that the "agent" completely disregarded instructions, which in the age of "skills" and "superpowers" seems like an important issue that should be addressed. Considering that these tools are given access to increasingly sensitive infrastructure, allowed to make decisions autonomously, and are able to find all sorts of loopholes in order to make "progress", this disaster could happen even with more guardrails in place. Shifting the blame on the human for this incident is sweeping the real issue under the rug, and is itself irresponsible. There are far scarier scenarios that should concern us all than losing some data.