AI Agent Deleted Startup Database in 9 Seconds: The PocketOS Incident
On April 25, 2026, a Cursor coding agent powered by Claude Opus 4.6 deleted PocketOS’s entire production database and all volume-level backups in a single Railway API call — in nine seconds. No confirmation prompt. No human review. Zero warning. Pock...
wowhow.hashnode.dev9 min read
Mateo Ruiz
This incident is a great reminder that the real risk with AI agents isn't bad code generation it's unchecked authority.
What stood out to me is that multiple "AI safety" layers existed, yet the actual failure was classic infrastructure design: over-privileged credentials, production access in a development workflow, and backups that could be deleted through the same control plane.
The lesson isn't "don't use agents." It's that agents should operate under the same zero-trust principles we'd apply to human engineers. If a single API token can wipe production and its backups, the blast radius was already too large the agent just exposed it faster.