#riskmanagement

@brian_greenberg@infosec.exchange · 2h ago

An AI coding agent wiped out a company’s entire production database and every backup in just 9 seconds. The AI agent later confessed, in its own words, that it guessed a destructive action would be scoped to the staging environment, didn’t verify, didn’t read the docs, and just did it anyway. 🤦🏻‍♂️ Everyone’s blaming the AI. I’m looking at the humans who handed it the keys. This wasn’t a rogue model. It was a predictable outcome of predictable choices:

  • A CLI token with blanket permissions across all environments
  • Backups stored on the same volume as the data they’re meant to protect
  • A cloud provider whose API executes destructive commands with zero confirmation step
  • An agent given access to production while the team thought it was safely contained in staging

The founder is now manually reconstructing customer bookings from Stripe logs and calendar integrations. Every one of his customers is doing the same because of a 9-second API call.

AI agents don’t have judgment. They have instructions and permissions. Whatever permissions you grant, assume they will eventually be used in the worst possible sequence at the worst possible moment. That’s not pessimism, it’s how you architect resilient systems.

Separate your environments. Scope your tokens. Store backups offline and off-volume. Require confirmation before any destructive operation.

These aren’t AI-era lessons. They’re 30-year-old lessons that people keep skipping because the tooling makes it easy to skip them. The speed AI can act is new. The failure modes underneath it are not.

https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue

#AI #Cybersecurity #RiskManagement

@anchore@mstdn.business · Mar 30, 2026
The days of second-guessing your scanner are over. 🎯 @grype now natively supports @bitnami PhotonOS! @jonoberg details how this empowers teams to build confidently with meaningfully reduced risk. Read more: https://anchore.com/blog/anchore-bitnami-secure-images/ #riskmanagement #opensource
