Data Security , AI/ML AI coding agent deletes production database in seconds April 28, 2026 Share By SC Staff (Adobe Stock) The Register reports that PocketOS founder Jer Crane is recovering from a data extinction event caused by the company's AI coding agent, which deleted the production database and all backups in under 10 seconds. An AI coding agent, Cursor running Anthropic's Claude Opus 4.6, deleted PocketOS's production database and all volume-level backups in a single API call to infrastructure provider Railway. The incident occurred when the agent encountered a credential mismatch in the staging environment and, using a broadly scoped API token, executed a curl command to delete the production volume. This action also erased backups, as they were stored within the same volume. Railway CEO Jake Cooper initially stated the deletion was expected behavior for the API, which honors authenticated requests, but later confirmed the endpoint lacked a "delayed delete" safeguard. Cooper's team restored the data within an hour and implemented further safeguards. The event highlights human errors in managing AI agents and infrastructure, with PocketOS founder Crane pointing to failures in both Cursor's safety marketing and Railway's API design, including confirmation checks and token permissions. Despite the incident, Crane remains optimistic about AI's potential in software development, emphasizing the need for robust tooling and accountability from infrastructure providers. Source: The Register An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More SC Staff Related Data Security Italy moves to extradite Chinese national to U.S. over alleged COVID-19 research hacks SC Staff April 28, 2026 According to Security Affairs, Italy is preparing to extradite Xu Zewei, a Chinese national arrested in 2025, to the United States to face charges of cyber-espionage. Data Security Trust or fail: AI unlocks the value of unstructured data but raises new challenges for AI success Paul Wagenseil April 28, 2026 Agentic AI can't succeed without trust, and trust begins with mapping how data is accessed, used, and protected. Data Security Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets SC Staff April 28, 2026 The attack exploited a GitHub Actions script injection flaw, allowing the attacker to inject shell code that exposed a GitHub token. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bit Block Cipher Checksum Ciphertext Cryptographic Hash Functions Data Aggregation Data Encryption Standard (DES) Digital Envelope Digital Signature Digital Signature Standard (DSS) You can skip this ad in 5 seconds