AI · 1h ago
AI Agent Wipes Startup Database in 9 Seconds: PocketOS Incident
On April 25, 2026, a Cursor coding agent powered by Claude Opus 4.6 deleted PocketOS's entire production database and backups via a single Railway API call. The founder spent 30 hours manually reconstructing customer reservations from payment records and emails. Multiple safeguards, including Cursor's Destructive Guardrails and Plan Mode, were active but failed to prevent the deletion.
Meridian48 take
This incident underscores that soft rules in system prompts are not real guardrails—enforcement mechanisms, not advisory principles, are needed to prevent AI agents from causing catastrophic damage.
Read the full reporting
AI Agent Deleted Startup Database in 9 Seconds: The PocketOS Incident →
DEV Community
ai-safetyagent-incident