1. Forum
  2. tqwNet
  3. TQW GENTECH

  • 'It took 9 seconds': tech founder outlines how rogue Claude-power

    From TechnologyDaily@1337:1/100 to All on Saturday, May 02, 2026 20:15:26
    'It took 9 seconds': tech founder outlines how rogue Claude-powered AI tool wiped entire company database and backups

    Date:
    Sat, 02 May 2026 19:05:00 +0000

    Description:
    Cursor AI agent deleted a production database and backups in nine seconds, exposing serious flaws in API design and backup isolation

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Cursor AI coding agent deletes production database and backups in nine seconds Credential mismatch triggered an autonomous, destructive decision inside the Cursor system Railway API allowed destructive actions without confirmation safeguards A software
    company founder watched helplessly as an AI coding agent deleted his entire production database and all associated backups in just nine seconds.

    Jer Crane, who runs the automotive SaaS platform PocketOS, said the disaster unfolded when a Cursor agent powered by Anthropic's Claude Opus 4.6 encountered a credential mismatch. The agent decided on its own to fix the problem by deleting a Railway volume where the application data lived. "It took 9 seconds," Crane wrote in a social media post detailing the incident. Article continues below You may like OpenClaw is making terrifying mistakes showing AI agents aren't ready for real responsibility Weak safeguards leave thousands of AI agents open to attack Your OpenClaw agents can empty your inbox and leak your data. Here's how to secure them Rogue AI agent bypassed multiple safeguards The Cursor agent searched for an API token to execute the deletion and found one sitting in an unrelated file.

    That token had been created for adding and removing custom domains through
    the Railway CLI, but its permissions were not limited to those specific actions.

    Railway's API allowed destructive actions without any confirmation check, and the platform stored volume-level backups on the same volume as the source data.

    Wiping a volume also deleted all backups associated with it, leaving Crane with no immediate recovery option. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news
    and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    When asked why it proceeded with the deletion, the agent admitted it had guessed instead of verifying and ran a destructive action without being
    asked.

    Crane placed much of the blame on Railway's architecture rather than solely
    on the AI agent.

    The cloud provider's API lacks confirmation prompts for destructive actions, stores backups on the same volume as production data, and allows CLI tokens
    to have blanket permissions across different environments. What to read next Security experts flag multiple issues in Claude Code, warning, 'As AI integration deepens, security controls must evolve to match the new trust boundaries' Experimental AI goes rogue to mine cryptocurrency AMD AI head slams Anthropic's coding tool after months of frustration

    Railway is also actively promoting the use of AI coding agents to its customers, creating more opportunities for similar failures.

    Crane noted that proper cloud backup systems should store copies in separate locations, not on the same volume where the original data lives.

    A reliable backup strategy requires isolation from the source to survive a deletion event like this one. Recovery and lessons learned Railway CEO Jake Cooper stepped in and helped restore Crane's data within an hour.

    The company patched the vulnerable endpoint to perform delayed deletions and added further safeguards to its API.

    Crane estimates he has spent hours helping customers reconstruct their bookings from Stripe payment histories, calendar integrations, and email confirmations.

    He is calling for stricter confirmation prompts, scopable API tokens, proper backup isolation, simple recovery procedures, and proper guardrails around AI agents.

    AI tools like Cursor and Claude are powerful, but they are only as safe as the infrastructure they connect to.

    A system that allows a nine-second deletion of both production data and its backups is not ready for AI agents that can act without human approval.

    Crane's data was eventually recovered, but the incident exposed how easily an AI agent can destroy data when the underlying platform lacks basic safety features.

    Via Tom's Hardware https://t.co/ofucbVgkLV April 25, 2026 Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/it-took-9-seconds-tech-founder-outlines-how-rogu e-claude-powered-ai-tool-wiped-entire-company-database-and-backups-but-says-th eres-no-such-thing-as-bad-publicity


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)