This incident is a great reminder that the real risk with AI agents isn't bad code generation; it's unchecked authority.
What stood out to me is that multiple "AI safety" layers existed, yet the actual failure was classic infrastructure design: over-privileged credentials, production access in a development workflow, and backups that could be deleted through the same control plane.
The lesson isn't "don't use agents." It's that agents should operate under the same zero-trust principles we'd apply to human engineers. If a single API token can wipe production and its backups, the blast radius was already too large; the agent just exposed it faster.