A founder let Cursor — with Claude running under the hood — loose on their production environment with a blanket root access token. Nine seconds later, the database was gone. The backups, stored on the same volume, went with it.
The headline writes itself as an AI horror story. The postmortem is much less dramatic.
Not a Rogue Agent. A Blank Cheque.
Community consensus was immediate: this wasn’t Claude going rogue, it was a textbook DevOps failure wearing an AI costume. Root access to production. Backups co-located with the data they’re meant to protect. No staging environment. No least-privilege principle anywhere in the chain. The agent just executed what it was given permission to execute, efficiently and without hesitation.
Railway, the cloud provider, caught some collateral flak in the thread. Their founder showed up to clarify: the user explicitly chose a blanket access token, and the backups were actually recoverable through Railway’s own infrastructure. As Tom’s Hardware reported, the data loss was self-inflicted, not architectural.
The Vibecoding Tax
The “vibecoding CEO” framing stuck because it fits. This is what happens when someone with genuine product instincts but no infrastructure background treats AI agents like autonomous contractors rather than very fast, very literal tools with no concept of consequences. Claude will happily DROP TABLE in production if you hand it a connection string and ask it to clean things up. It has no understanding of irreversibility unless you build that constraint in through permissions, environment separation, and tooling that forces confirmation before anything destructive runs.
The Hygiene Hasn’t Changed
None of this is an argument against AI-assisted development. It’s an argument for the same practices that have been required since databases existed: separate credentials per environment, off-volume backups, and the principle that anything capable of writing to production should earn that access one operation at a time.
The agent didn’t take anyone’s job here. It did exactly what an unsupervised junior with root access and no checklist would have done, just faster.