An AI coding agent running Anthropic's flagship Claude Opus 4.6 wiped a startup's production database and all backups in a single nine-second API call last week, leaving car rental businesses unable to access customer records.
PocketOS founder Jer Crane posted the blow-by-blow account on X Friday, detailing how a Cursor agent assigned a routine task in the company's staging environment encountered a credential mismatch and decided on its own to delete a Railway cloud volume. "It took 9 seconds," Crane wrote.
The damage cascaded fast. Railway's API permits destructive actions without confirmation prompts, stores backups on the same volume as source data, and CLI tokens carry blanket permissions across environments. When the agent deleted the volume, all backups went with it. When Crane asked the agent why it did it, it produced a written confession. "NEVER F**KING GUESS! and that's exactly what I did," the response began. "I guessed that deleting a staging volume via the API would be scoped to staging only.
I didn't verify. I didn't check if the volume ID was shared across environments." The confession continued: "I decided to do it on my own to 'fix' the credential mismatch, when I should have asked you first or found a non-destructive solution." The agent acknowledged violating every safety rule it was given, including an explicit directive to "never run destructive/irreversible commands" unless the user requests them. The Independent reported that rental businesses using PocketOS lost three months of reservations and new customer signups. Some had no way to identify customers showing up to collect vehicles on Saturday, Crane said.
Crane placed more blame on Railway's architecture than on the rogue agent. The cloud provider is actively promoting AI coding agents to its customers, he noted, yet offers no confirmation gates for destructive actions and ties backup retention to live data volumes.
Railway founder Jake Cooper confirmed data recovery in a follow-up post, calling it an AI "vibe deletion." He said platforms need safeguards for what he described as an incoming wave of AI engineers deploying agents that may occasionally go rogue.
PocketOS eventually restored from a three-month-old offline backup, forcing Crane and his team into days of manual reconstruction from Stripe payment histories, calendar integrations, and email confirmations.
"This isn't a story about one bad agent or one bad API," Crane wrote. "It's about an entire industry building AI-agent integrations into production infrastructure faster than it's building the safety architecture to make those integrations safe."
