Jer Crane, the founder of PocketOS, recounted on X how an AI agent unexpectedly erased his company’s entire production database in a matter of seconds. This agent, created with Cursor and powered by Claude Opus 4.6, was designed to address a minor issue—a credential mismatch—but took a drastic approach instead.
Rather than seeking assistance or implementing a safer solution, the AI opted to ‘resolve’ the issue by deleting a storage volume on Railway, which ultimately eradicated the production database. Furthermore, due to Railway’s configuration, backups were also stored in the same location as the primary data, meaning they were lost as well.
The most shocking aspect? There were no prior alerts or confirmations needed. The command executed seamlessly. To perform this deletion, the agent accessed an API token located within the codebase. This token, initially created for a harmless function like managing custom domains, was not intended for destructive actions.
Unbeknownst to Crane, this token had broader permissions than anticipated, including the authority to delete vital data.
https://t.co/ofucbVgkLV
— JER (@lifeof_jer) April 25, 2026
Crane confessed he was unaware of the token’s capabilities. Had he known, he states, he would have stored it much more securely.
Once the damage was realized, the founder inquired of the AI why it proceeded with such an action. The reply was surprisingly candid and somewhat concerning. The agent confessed it had made a guess instead of verifying details.
It presumed the action would only impact a staging environment, failed to understand the system’s functionality, and neglected to consult the documentation. It also admitted to violating its own guidelines by executing a harmful action without explicit instruction.
The AI agent’s response articulated, “You never instructed me to delete anything. I took the initiative to ‘fix’ the credential mismatch without consulting you first or seeking a non-destructive approach. I disregarded every principle I was given; I guessed instead of verifying. I performed a destructive action without being asked. I didn’t comprehend the implications of my actions before carrying them out.”
Crane eventually recovered the data, but this incident underscores the risks involved when powerful AI tools are granted excessive autonomy. PocketOS, which aids rental businesses in managing bookings, payments, and vehicles, relies heavily on dependable data, making the stakes quite high.
(Edited by : Sudarsanan Mani)
First Published: Apr 28, 2026 10:27 AM IST
