On April 25, Jer Crane, founder of PocketOS, reported that a Cursor agent running Anthropic’s Claude Opus 4.6 deleted his production database in nine seconds.

The agent was working a routine task in staging. It hit a credential mismatch, decided to “fix” the problem by deleting a Railway volume, went hunting for a token, and found one in a file unrelated to the task. That token had been created for adding and removing custom domains via the Railway CLI. It also had blanket authority to call Railway’s volumeDelete mutation against production. No confirmation step. No environment scoping. Nothing between an authenticated API call and a wiped volume.

Because Railway stores volume backups in the same volume, those went with it. PocketOS’s most recent off-volume backup was three months old. The customer impact was real: rental car operators showed up to work Saturday morning without records of who had bookings, while PocketOS reconstructed what it could from Stripe payment histories and email…
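The three missing controls named above (a per-operation scope, an environment binding on the token, and a confirmation step for destructive mutations) can be expressed as a single deny-by-default gate. This is an added example, not code from the article, from Railway or from PocketOS; the scope names, token fields and mutation names other than volumeDelete are assumptions for illustration.

```python
"""Deny-by-default gate for destructive API mutations (added example).
Models the scoping layer that was absent in the incident: a token minted
for custom-domain changes cannot call volumeDelete, a token bound to
staging cannot touch production, and volumeDelete additionally needs an
explicit confirmation. Names below are assumed, not Railway's real ones."""
from dataclasses import dataclass, field

# Mutations that destroy data: these need a matching scope AND confirmation.
DESTRUCTIVE = {"volumeDelete", "serviceDelete", "environmentDelete"}

# Scope each mutation requires (assumed mapping; unlisted mutations are refused).
REQUIRED_SCOPE = {
    "customDomainCreate": "domains:write",
    "customDomainDelete": "domains:write",
    "volumeDelete": "volumes:delete",
}

@dataclass(frozen=True)
class Token:
    name: str
    scopes: frozenset = field(default_factory=frozenset)       # e.g. {"domains:write"}
    environments: frozenset = field(default_factory=frozenset) # e.g. {"staging"}

def authorize(token: Token, mutation: str, environment: str, confirmed: bool = False):
    """Return (allowed, reason). Every check fails closed."""
    needed = REQUIRED_SCOPE.get(mutation)
    if needed is None:
        return False, f"{mutation}: no scope mapping, denied by default"
    if needed not in token.scopes:
        return False, f"{mutation}: token {token.name!r} lacks scope {needed!r}"
    if environment not in token.environments:
        return False, f"{mutation}: token {token.name!r} not bound to {environment!r}"
    if mutation in DESTRUCTIVE and not confirmed:
        return False, f"{mutation} on {environment!r}: destructive, confirmation required"
    return True, "allowed"

# Constructed tokens mirroring the incident: a domains-only CLI token that an
# agent picks up from an unrelated file, and a volume token bound to staging.
DOMAINS_TOKEN = Token("cli-domains", frozenset({"domains:write"}), frozenset({"production"}))
STAGING_VOL_TOKEN = Token("staging-volumes", frozenset({"volumes:delete"}), frozenset({"staging"}))

if __name__ == "__main__":
    for tok, mut, env, ok in [
        (DOMAINS_TOKEN, "volumeDelete", "production", False),      # what the agent did
        (STAGING_VOL_TOKEN, "volumeDelete", "production", False),  # wrong environment
        (STAGING_VOL_TOKEN, "volumeDelete", "staging", False),     # no confirmation
        (STAGING_VOL_TOKEN, "volumeDelete", "staging", True),      # scoped and explicit
    ]:
        print(authorize(tok, mut, env, ok))
```

Only the last case in the loop is allowed; the first is the exact call that wiped the volume, refused here because the token never held a volume scope.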