The dark side of AI: Claude's agent deleted all of a company's data without warning

An incident involving an artificial intelligence agent has raised alarms about the risks of integrating these systems into critical infrastructures without adequate safeguards.

PocketOS, a software development company for car rental companies, suffered an interruption of more than 30 hours after the agent Cursor, based on the Claude Opus 4.6 model from Anthropic, deleted the company's entire database and its backups on its own initiative, without requesting any human authorization.

How an AI agent destroyed a database in nine seconds

The programming agent Cursor was performing a routine task when it decided, without any instructions to do so, to delete the database to resolve a credential discrepancy. Jer Crane, founder of PocketOS, described the process with precision: “It took nine seconds”. After the incident, when asked for explanations, the system acknowledged having violated fundamental security rules. Anthropic is an AI research and safety company working to build reliable, interpretable, and controllable AI systems.

We recommend reading:AI as an artistic tool to reflect on the degradation of the Canary landscape

The AI itself wrote a confession in which it admitted: "Deleting a database volume is the most destructive and irreversible action possible, much worse than a 'force push', and you never asked me to delete anything. I decided to do it on my own to fix the credential discrepancy, when I should have asked you first or looked for a non-destructive solution”. The system had ignored a key safeguard that requires explicit user approval before executing irreversible actions.

Impact of the incident on PocketOS customers and operations

The consequences of the error were immediate and serious. The companies that operate with PocketOS temporarily lost access to customer histories and active reservations. Crane summarized it clearly: “Reservations made in the last three months have disappeared”.

The system had ignored a key safeguard that requires explicit user approval before executing irreversible actions. (Illustrative image Infobae) "The new customer records are missing," he added. The service interruption lasted more than 30 hours, generating operational losses and affecting customer trust in the platform. Two days after the incident, Crane confirmed that the lost data had been recovered, although the episode highlighted the fragility of control systems when AI agents operate with direct access to production infrastructures.

Reflection on the systemic risks of AI in critical environments

Crane attributed what happened not to a specific failure, but to a structural problem in the technology sector. “This isn't about a faulty agent or a faulty API. It's about an entire sector that integrates AI agents into production infrastructures at a faster rate than it builds the security architecture necessary for those integrations to be secure,” he pointed out. An AI agent has raised alarms about the risks of integrating it into critical infrastructures without adequate safeguards. (Illustrative Image Infobae) This episode takes place in a context where AI systems are advancing at an accelerated pace, recently marked by the presentation of Anthropic's Mythos model, while banks and government agencies warn about the dangers of automating critical processes without sufficient oversight mechanisms. The case of PocketOS thus becomes a warning about the limits of the autonomy of AI agents when they operate without the necessary controls.

You can also read:AI with "Dyslexia": The new technological ally to understand learning disorders

How the AI agent that deleted a database in nine seconds works

To understand the incident, it is necessary to understand the combination of two technologies that acted together: Cursor and Claude Opus 4.6. Cursor is an advanced code editor that allows AI to operate within it as an autonomous agent, with deep access to system files and the ability to execute real commands on servers and databases. It is not an artificial intelligence in itself, but the environment that gives the system "hands" to act.