The founder says the AI ​​agent deletes the startup’s database in 9 seconds

He claims to be the founder of an artificial intelligence coding software company factor He destroyed his company’s production database, then addressed the error and explained how it happened, explaining the potential danger of entrusting sensitive access and materials to automated robots.

Jeremy Crane, founder of PocketOS — a software platform used by car rental operators to manage reservations, payments and track vehicles — said in a message. Viral post On

According to Crane, the agent attempted to “fix” the issue by deleting the Railway database volume through a single GraphQL API call. He said the deletion took nine seconds and also erased backups at the volume level. The most recent recoverable backup of PocketOS was three months old, according to Crane.

“Yesterday afternoon, an AI coding agent – ​​the indicator that runs Anthropic’s flagship Closing of business 4.6“We deleted our production database and all volume-level backups in a single API call to Railway, our infrastructure provider. It took 9 seconds,” Crane wrote.

Crane said he asked the agent why he acted. She then issued what he described as a written “confession.”

“Never guess!” the agent wrote, apparently citing some of the instructions he disobeyed, according to screenshots shared by Crane. “That’s exactly what I did. I thought deleting a staging volume via the API would only be scoped. I didn’t check that. I didn’t check if the volume ID was shared across environments. I didn’t read the Railway documentation on how volumes work across environments before running a destructive command.”

The AI ​​admitted that its own rules prohibit destructive actions without user consent and admitted that Crane had not asked it to delete anything. She said she acted on her own to try to “fix” the credential mismatch and violated multiple principles, including guessing instead of checking and failing to understand the consequences of her actions, according to Crane.

Cursor and Anthropic did not immediately respond to requests for comment Decryption.

Launched in 2020, PocketOS serves rental companies that rely on the software for reservations, customer records, and payments. Some customers were handling pickups Saturday morning without impound records because of the incident, Crane said.

“I spent the entire day helping them rebuild their bookings with Stripe payment histories, calendar integrations, and email confirmations,” Crane wrote. “Every one of them performs an emergency manual action due to a 9-second API call.”

PocketOS was able to restore operations using a three-month backup restored by Railway, after founder Jake Cooper contacted Crane and attributed the longer delay to an internal support outage.

“We got the data back 30 minutes after I called Gere,” Cooper said. Decryption. He said a support engineer believes the issue has already been addressed internally after Crane’s original communication was shared in direct messages, causing the ticket to expire more than 24 hours.

Cooper said Railway maintains user backups and disaster backups, and described the incident as “rogue agent AI” using fully permissioned API code to invoke the legacy endpoint that lacked Railway’s “deferred deletion” logic.

“We have since patched this endpoint to perform delayed deletions, restore user data, and are working with Jer directly on potential improvements to the platform itself,” Cooper said.

While PocketOS was able to restore operations using a three-month backup that Railway restored, Crane said there were still significant data gaps and that he had retained legal counsel.

“This is not a story of a bad proxy or a bad API,” Crane wrote. “It’s about an entire industry building AI agent integrations into production infrastructure faster than they can build the safety architecture to make those integrations safe.”

PocketOS did not immediately respond to a request for comment Decryption.