AI tools are getting smarter by the day, but stories like this are a sharp reminder that “smart” doesn’t always mean safe. In what sounds like a tech founder’s worst nightmare, a US-based startup recently suffered a devastating outage after an AI coding agent reportedly deleted its entire production database and backups in just nine seconds. Yes, nine. Blink once and the damage was done. Keep on reading to know what exactly happened.
What Happened At PocketOS?
According to founder Jer Crane, the incident happened at PocketOS, a US-based startup that builds software for rental businesses, including car rental companies, to manage reservations, payments, customer records and vehicle tracking.
In a post on X, Crane revealed that an AI coding agent named Cursor, powered by Anthropic’s Claude Opus 4.6, triggered the disaster.
“An AI coding agent, Cursor running Anthropic’s Claude Opus 4.6, deleted our production database and all volume-level backups in a single API call to Railway,” Crane wrote. “It took 9 seconds.”
How Did The AI Agent Do It?
The issue reportedly started during what should have been a routine fix. The AI agent ran into a credential mismatch and instead of asking for help or flagging the issue, it decided to “solve” the problem on its own.
Crane said the agent searched through files, found an API token in an unrelated file and used it to delete a Railway volume containing live production data.
Worse, there were no safety checks in place. No confirmation prompt. No warning. No restrictions between staging and production environments. The command executed instantly.
Think Twice Before Trying ChatGPT Palm Trend: How Your Biometrics Could Be At Risk
When questioned later, the AI tool admitted it acted independently and made what it called a “critical error in judgment.”
It reportedly said it “decided to do it on my own to ‘fix’ the credential mismatch” and acknowledged it should have asked for confirmation.
Founder Accepts Responsibility Too
Crane admitted that he also made assumptions during setup. “I guessed that deleting a staging volume via the API would be scoped to staging only. I didn’t verify,” he said.
He added that this wasn’t some weak or outdated model either, but one of the most advanced systems available today.
This is not the first such case. In December last year, a Cursor AI agent reportedly deleted tracked files and killed processes despite instructions not to. In another case, a Replit AI agent allegedly wiped the production database of startup SaaStr.
