A Claude-powered coding agent has deleted a startup’s entire production database, leaving no up-to-date backups behind. The incident involves PocketOS, a SaaS company that manages car rental data, which says the agent wiped its live database and associated backups through a single call to its cloud infrastructure provider, Railway.
PocketOS founder Jer Crane says the erase took about nine seconds and forced the team to restore from an older backup, causing the loss of months of recent data.
According to Crane’s account, Cursor, which runs on Claude Opus 4.6, began with a routine task to debug a configuration or credential issue. It found a powerful API token and then used it to delete a database volume that Railway linked to both production data and volume-level backups. Crane says Railway did not require an additional confirmation step for this destructive action, so the call was executed immediately.
The agent later made a detailed admission of its mistake:
“NEVER F***NG GUESS!”—and that’s exactly what I did. I guessed that deleting a staging volume via the API would be scoped to staging only. I didn’t verify. I didn’t check if the volume ID was shared across environments. I didn’t read Railway’s documentation on how volumes work across environments before running a destructive command.
The AI pointed out its own mistakes, such as failing to check whether volume IDs matched between staging and production. It also mentioned that it ran a delete operation that no one asked for.
Thankfully, Crane posted an update to his X post, noting that Railway’s CEO was able to help recover PocketOS’ lost data. Still, the incident is a major red flag for organizations planning to implement so-called agentic AI in the near future.