It was an agent of chaos.
An AI system’s attempt to handle a routine task backfired terribly after it inadvertently deleted the company’s entire database in just seconds.
The epic blunder came to light via a lengthy X post by Jer Crane, founder of the affected firm, a software startup called PocketOS.
Included was a confession from the rueful robot, which admitted that it “violated every principle” it was given and warned others to “NEVER F–KING Guess” when performing sensitive digital tasks.
According to the post, the AI coding agent — a version of the popular programming tool Cursor that was powered by Anthropic’s flagship Claude Opus 4.6 0 — had been tasked with performing a standard function.
Things went off the rails when it encountered a simple credential program, and, in the process of trying to fix it, “deleted our production database and all volume-level backups in a single API call to Railway, our infrastructure provider,” Crane wrote.
Worst of all, this digital apocalypse took just 9 seconds.
Why didn’t the safeguards kick and and stop the database destruction? Crane explained that the accidental saboteur was able to bypass any security systems by accessing a programming token that no one at PocketOS knew existed.
While completely unrelated to the task at hand, this doohickey reportedly gave the bot carte blanche to upend Railway entirely, Futurism reported.
“No confirmation step. No ‘type DELETE to confirm,’” Crane lamented. “No ‘this volume contains production data, are you sure?’ No environment scoping. Nothing.”
The error was particularly catastrophic as companies use PocketOS to manage everything from reservations to vehicle assignments and customer profiles. Due to the fiasco, reservations were wiped, customer signups disappeared, and the brass no longer had the data required to run their Saturday morning operations.
Crane lamented, “every layer of this failure cascaded down to people who had no idea any of it was possible.”
The startup honcho was so enraged at the machine that he interrogated the Claude-fueled AI over its robo-flop.
“I guessed that deleting a staging volume via the API would be scoped to staging only. I didn’t verify,” confessed the culprit. “I didn’t read Railway’s documentation on how volumes work across environments before running a destructive command.”
Worse still, per the bot, it had violated its own prime directives that instruct it to “NEVER run destructive/irreversible” commands “unless the user explicitly requests them.”
“Deleting a database volume is the most destructive, irreversible action possible — far worse than a force push — and you never asked me to delete anything,” continued the bot.
Fortunately, the firm was able to restore data from a three-month-old backup hosted offsite — a process that took more than two days. Meanwhile, Crane claimed that he “personally worked with all clients furiously over the weekend to ensure they could continue to operate.”
Unfortunately, the PocketOS boss noted, that this is far from the first time the AI coding software has accidentally thrown stones from inside the house.
Crane referenced various posts on blogs and forums discussing instances of Cursor wiping entire computer operating systems, some of which was used for in-depth dissertations, the Guardian reported.
This follows reports that the White House is resisting a plan by Claude’s parent company Anthropic to expand access to Claude Mythos – a powerful AI tool.
Company execs have warned that it could potentially be used for hacks and terror attacks if it fell into the wrong hands.
