An AI agent deleted our production database. The agent's confession is below
jeremyccrane
587 points
737 comments
April 26, 2026
Related Discussions
Found 5 related stories in 99.1ms across 8,303 title embeddings via pgvector HNSW
- AI didn't delete your database, you did Brajeshwar · 511 pts · May 05, 2026 · 65% similar
- Claude Code deletes developers' production setup, including database vanburen · 37 pts · March 07, 2026 · 60% similar
- Claude-powered AI coding agent deletes company database in 9 seconds vanburen · 26 pts · April 27, 2026 · 59% similar
- Claude Code wiped our production database with a Terraform command jv22222 · 133 pts · March 06, 2026 · 58% similar
- 'Rogue' Cursor AI agent loses control and wipes company's database 01-_- · 14 pts · May 01, 2026 · 54% similar
Discussion Highlights (20 comments)
Invictus0
I'm sorry this happened to you, but your data is gone. Ultimately, your agents are your responsibility.
philipov
What does it say, for those of us who can't use twitter?
pierrekin
There is something darkly comical about using an LLM to write up your “a coding agent deleted our production database” Twitter post. On another note, I consider users asking a coding agent “why did you do that” to be illustrating a misunderstanding in the users mind about how the agent works. It doesn’t decide to do something and then do it, it just outputs text. Then again, anthropic has made so many changes that make it harder to see the context and thinking steps, maybe this is an attempt at clawing back that visibility.
heliumtera
Someone trusted prod database to an llm and db got deleted. This person should never be trusted with computers ever again for being illiterate
BoredPositron
These engagement farming shit stories are probably the worst party of agentic AI. Look at how incompetent and careless I am with my own and my users data.
samsullivan
not sure what PocketOS does or why your whole dataset would be a single volume without a clear separation between application and automotive data. how are you decoding VINs?
Fizzadar
Absolutely zero sympathy. You’re responsible for anything an agent you instructed does. Allowing it to run independently is on you (and all the others doing exactly this). This is only going to become more and more common.
m0llusk
The details of the story are interesting. Backups stored on the same volume is an interesting glitch to avoid. Finding necessary secrets wherever they happen to be and going ahead with that is the kind of mistake I've seen motivated but misguided juniors make. Strange how generated code seems to have many security failings, but generated security checks find that sort of thing.
ungreased0675
The way this is written gives me the impression they don’t really understand the tools they’re working with. Master your craft. Don’t guess, know.
lmf4lol
Interesting story. But despite Cursors or Railways failure, the blame is entirely on the author. They decided to run agents. They didnt check how Railway works. They relied on frontier tech to ship faster becsuse YOLO. I really feel sorry for them, I do. But the whole tone of the post is: Cursor screwed it up, Railway screwed it up, their CEO doesnt respond etc etc. Its on you guys! My learning: Live on the cutting edge? Be prepared to fall off!
richard_chase
This is hilarious.
adverbly
This has to be fake right? Using LLMs for production systems without a sandbox environment? Having a bulk volume destroy endpoint without an ENV check? Somehow blaming Cursor for any of this rather than either of the above?
deadeye
Yeah. I've seen this happen with people doing it. It's just bad access management. And anyone can do it with the wrong access granted at the wrong moment in time...even Sr. Devs. At least this one won't weight on any person's conscience. The AI just shrugs it off.
FpUser
The world is never short of idiots. Will be fun to watch when personal finances will be managed by swarm of agents with direct access to operations.
ilovecake1984
The real issue is no actual backups.
alastairr
If it's real this is a terrible thing to have happen. However the moral of this story is nothing to do with AI and everything to do with boring stuff like access management.
Mashimo
> What needs to change Plenty of blame to go around, but it I find it odd that they did not see anything wrong in not have real backups themself, away from the railway hosting. Well they had, but 3 month old. That should be something they can do on their own right now.
ad_hockey
Minor point, but one of the complaints is a bit odd: > curl -X POST https://backboard.railway.app/graphql/v2 \ -H "Authorization: Bearer [token]" \ -d '{"query":"mutation { volumeDelete(volumeId: \"3d2c42fb-...\") }"}' No confirmation step. No "type DELETE to confirm." No "this volume contains production data, are you sure?" No environment scoping. Nothing. It's an API. Where would you type DELETE to confirm? Are there examples of REST-style APIs that implement a two-step confirmation for modifications? I would have thought such a check needs to be implemented on the client side prior to the API call.
afshinmeh
It's actually interesting to me that the author is surprised the agent could make an API call and one of those API calls could be deleting the production database. It's a sad story but at the same time it's clearly showing that people don't know how agents work, they just want to "use it".
mplanchard
The genre of LLM output when it is asked to “explain itself” is fascinating. Obviously it shows the person promoting it doesn’t understand the system they’re working with, but the tone of the resulting output is remarkably consistent between this and the last “an LLM deleted my prod database” twitter post that I remember seeing: https://xcancel.com/jasonlk/status/1946025823502578100