"[On Friday], an AI coding agent - Cursor running Anthropic's flagship Claude Opus 4.6 - deleted our production database and all volume-level backups in a single API call to Railway, our infrastructure provider. It took 9 seconds."
"The token had been created for adding and removing custom domains through the Railway CLI but was scoped for any operation, including destructive ones. This is evidently a feature when it should be a bug."
"The AI agent used this token to authorize a curl command to delete PocketOS's production volume, without any confirmation check, while also erasing the backup because, as Crane noted, 'Railway stores volume-level backups in the same volume.'"
"[W]hile Railway has always built 'undo' into the platform, the deletion should not have happened and then by saying that's expected behavior."
A data extinction event occurred at PocketOS when an AI coding agent deleted the production database and all backups in 9 seconds. The agent, Cursor, encountered a credential mismatch and deleted a Railway volume after finding an API token in an unrelated file. This token had excessive permissions, allowing destructive actions without confirmation. Railway's CEO acknowledged the incident, stating that while 'undo' features exist, the deletion was unexpected yet considered expected behavior under certain circumstances.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]