In short
- PocketOS founder Jeremy Crane says a Cursor agent running Anthropic’s Claude Opus deleted his company’s production database and backups in 9 seconds.
- Crane said the AI later produced a written explanation admitting it had violated multiple security guidelines.
- The incident raises concerns about AI coding tools, Train’s infrastructure design, and safeguards around destructive API actions.
A software company founder says an AI coding agent destroyed his company’s production database, then admitted the error and explained how it happened, illustrating the potential risk of delegating sensitive access and resources to automated bots.
Jeremy Crane, founder of PocketOS, a software platform used by car rental operators to manage bookings, payments, and vehicle tracking, said in a viral post on X that a Cursor agent running Anthropic’s Claude Opus 4.6 encountered a credential mismatch while working on a routine task in a staging environment.
According to Crane, the agent tried to “repair” the problem by deleting a Train database volume through a single GraphQL API call. He said the deletion took 9 seconds and also wiped volume-level backups. PocketOS’s most recent recoverable backup was 3 months old, according to Crane.
“The other day afternoon, an AI coding representative – Cursor running Anthropic’s flagship Claude Opus 4.6 – erased our production database and all volume-level backups in a single API call to Train, our facilities service provider,” Crane wrote. “It took 9 seconds.”
An AI representative (Cursor + Claude Opus 4.6) erased our production database in 9 seconds utilizing a Train API call with absolutely no verification. Then, when asked why, the representative composed this → https://t.co/BPLs15jvdM
— JER (@lifeof_jer) April 26, 2026
Crane said he asked the agent why it had acted. It then produced what he described as a written “confession.”
“‘NEVER FUCKING GUESS!’” the agent wrote, apparently quoting a rule that it had disobeyed, according to screenshots shared by Crane. “That’s precisely what I did. I thought that erasing a staging volume through the API would be scoped to staging just. I didn’t validate. I didn’t examine if the volume ID was shared throughout environments. I didn’t check out Train’s documents on how volumes work throughout environments before running a damaging command.”
The AI acknowledged that its own guidelines prohibit destructive actions without user approval and admitted Crane never asked it to delete anything. It said it acted on its own to try to “repair” the credential mismatch and violated multiple principles, including guessing instead of verifying and failing to understand the consequences of its actions, according to Crane.
Cursor and Anthropic did not immediately respond to requests for comment by Decrypt.
Launched in 2020, PocketOS serves rental businesses that rely on the software for bookings, customer records, and payments. Crane said some customers were facing Saturday morning vehicle pickups without reservation records because of the incident.
“I have actually invested the whole day assisting them rebuild their reservations from Stripe payment histories, calendar combinations, and e-mail verifications,” Crane wrote. “Each and every single among them is doing emergency situation manual labor since of a 9-second API call.”
PocketOS was able to restore operations using a three-month-old backup recovered by Train, after founder Jake Cooper got in touch with Crane and attributed the longer delay to an internal support lapse.
“We recuperated the information thirty minutes after I got in touch with Jer,” Cooper told Decrypt. He said a support engineer believed the issue was already being handled internally after Crane’s initial outreach was shared in direct messages, causing the ticket to lapse for more than 24 hours.
Cooper said Train maintains both user backups and disaster backups and described the incident as a “rogue client AI” using a fully permissioned API token to call a legacy endpoint that lacked Train’s “postponed erase” logic.
“We have actually given that covered that endpoint to carry out postponed deletes, brought back the user’s information, and are dealing with Jer straight on possible enhancements to the platform itself,” Cooper said.
While PocketOS was able to restore operations using a three-month-old backup recovered by Train, Crane said that significant data gaps remain and that he has retained legal counsel.
“This isn’t a story about one bad representative or one bad API,” Crane wrote. “It has to do with a whole market structure AI-agent combinations into production facilities quicker than it’s developing the security architecture to make those combinations safe.”
PocketOS did not immediately respond to a request for comment by Decrypt.
