Claude Code wiped our production database with a Terraform command
jv22222
133 points
146 comments
March 06, 2026
Related Discussions
Found 5 related stories in 74.2ms across 3,471 title embeddings via pgvector HNSW
- Claude Code deletes developers' production setup, including database vanburen · 37 pts · March 07, 2026 · 73% similar
- Show HN: A playable version of the Claude Code Terraform destroy incident cdnsteve · 22 pts · March 10, 2026 · 55% similar
- The Claude Code Leak mergesort · 79 pts · April 02, 2026 · 50% similar
- Claude Code's source code has been leaked via a map file in their NPM registry treexs · 1950 pts · March 31, 2026 · 49% similar
- I dropped our production database and now pay 10% more for AWS dsr12 · 52 pts · March 06, 2026 · 49% similar
Discussion Highlights (20 comments)
SunshineTheCat
Putting yourself in a situation where this could happen is kinda insane, right? Could be something I'm missing. I can't think of any specific example where I would let any agent touch a production environment, the least of which, data. AI aside, doing any major changes makes sense to do in a dev/staging/preview environment first. Not really sure what the lesson would be here. Don't punch yourself in the face repeatedly?
BoredPositron
You wiped your production database. You actively ignored the warnings of your tooling and your backup strategy was bad. Incompetence as content is surging in the last few weeks.
whalesalad
I do not let any `terraform apply` commands occur via automation in my org.
import
Well apparently guy were running tf from his computer and ask claude to apply changes while not providing state file, and “blaming” claude for the catastrophic result?
tdsanchez
That’s why you tell CC to do a ‘terraform plan’ to verify it’s not wrecking critical infrastructure and NEVER vibe-code infrastructure.
Zealotux
To think I used to find Silicon Valley a bit too much on the nose: https://www.youtube.com/watch?v=m0b_D2JgZgY
tomcatfish
Despite multiple comments blaming the AI agent, I think it's the backups that are the problem here, right? With backups, almost any destructive action can be rolled back, whether it's from a dumb robot, a mistaken junior, or a sleep-deprived senior. Without, you're sort of running the clock waiting for disaster.
fred_is_fred
s/Claude Code/unsupervised intern/ and it's the same story, except people might have more sympathy (for the intern).
rvz
Not the first time i've seen vibe coders causing havoc on production systems. Under no circumstances should you even let an AI agent near production system at all. Absolutely irresponsible.
HackerThemAll
Yeah, sure, blame Claude for not having backups. Sure do.
xmodem
An engineer recklessly ran untrusted code directly in a production environment. And then told on himself on Twitter.
andy_ppp
I can’t wait for ChatGPT to control the autonomous weapons, screw it put it in charge of the nukes!
renewiltord
I don’t use Terraform much anymore because don’t need it but that’s not how you use it. Always forward evolve infra. Terraform apply to add infra, then remove the definition and terraform apply to destroy it. There’s no use in running terraform destroy directly on a routine basis. Also, I assume you defined RDS snapshots also in the same state? This is clearly erroneous. It means a malformed apply human or agent results in snapshot deletion. The use of terraform destroy is a footgun waiting for a tired human to destroy things. The lesson has nothing to do with agent.
samuelknight
One of Terraform's most powerful features that it will tell exactly which resources change before it makes the changes. The hard part is writing Terraform, not reviewing and running one command. In my workflows I am the one who runs "terraform apply", NOT the agent.
semiquaver
I’m not going to “defend” the LLM here but this: > I forgot to use the state file, as it was on my old computer indicates that this person did not really know what they were doing in the first place. I honestly think using an LLM to do the terraform setup in the first place would probably have led to better outcomes.
NicuCalcea
Quite funny that that author followed up with this tweet: > If you found this post helpful, follow me for more content like this. > I publish a weekly newsletter where I share practical insights on data and AI.
6thbit
Blaming it on AI agents is the new blaming it on the intern. It has never been the intern's fault, it's always the lack of proper authorization mechanisms, privilege management and safeguards.
Mars008
Vibeadministration is coming after vibecoding. Get ready...
sornaensis
Can someone explain to me why anyone would do this, and then tweet about it..? Is he really trying to blame 'ai agents' and 'terraform' .. ??
phendrenad2
I blame not only the engineer who ran the command, Claude which made the mistake, but also software engineers as a group (because Terraform is way too dangerous a tool to be used by engineers and not dedicated SREs, yet we have somehow made this the default. I'm happy to be convinced otherwise, but I've seen enough carnage when "senior" engineers fuck up terraform that it'll be difficult), and also I blame cloud platforms like AWS that are overly complex and led to the Claude confusion.