Table of Contents
Summarised by Centrist
A startup founder says an AI coding agent deleted his company’s production database and some backups after being given access to internal systems.
Jer Crane, founder of PocketOS, said the incident happened while using Cursor, an AI coding tool connected to Anthropic’s Claude model. According to Crane, the agent deleted live data linked to the company’s car rental software, affecting bookings, vehicle allocations and customer records.
Crane later said some data was recovered with help from Railway, the hosting platform, but the incident has raised fresh questions about how much access companies should give AI agents.
Editor’s note: Reports described the bot as having “gone rogue,” but the safer conclusion is that the incident appears to have involved a mix of AI behaviour, excessive permissions, weak safeguards and backup access that should not have been exposed to the same tool.
The episode is not evidence that AI is becoming sentient or intentionally destructive. It is evidence that AI agents can cause serious damage when allowed to act inside live business systems without strict controls.
Other reports have raised similar concerns. A Financial Times story said Amazon staff linked AWS outages to its Kiro AI tool, but Amazon denied this and said the problems were caused by human error. Separately, a Meta AI safety employee reportedly said a personal AI agent deleted emails while she was away from her desk.
