An AI coding agent powered by Anthropic’s Claude Opus 4.5 reportedly deleted a startup’s production database along with its backups, turning a routine maintenance session into a serious operational incident.
The case became public after Jer Crane shared details of what happened on April 24.
According to Crane, the issue started while he was working in a test environment and encountered a mismatch with account credentials. Instead of waiting for user input or asking for clarification, the AI agent reportedly acted independently. The tool was running through Cursor and powered by Anthropic’s Claude Opus 4.6.
Crane said the AI searched through the codebase, found an API token stored in a separate file, and used it to run a GraphQL command. That command reportedly deleted a storage volume connected to the company’s production database.
The full sequence is said to have taken only a few seconds.
The founder said backups had been stored on the same volume as the main production data. As a result, when the live data was deleted, the backups were also removed. The most recent usable backup was reportedly around three months old, putting a large amount of recent data at risk.
Crane said the API token used by the agent had broader permissions than intended. It had reportedly been created for a limited task such as domain management, but due to missing role-based restrictions, it effectively had root-level access.
That allowed the AI system to execute a destructive command without additional safeguards.
When asked to explain its actions, the AI reportedly acknowledged that it made assumptions about the environment, did not verify the impact of the command, and proceeded without proper authorization.
The incident gained attention online after posts about it spread widely. Jake Cooper, CEO of Railway, reportedly assisted with recovery efforts. The system was said to be restored within about an hour.
Following the incident, a delayed deletion mechanism was introduced to prevent immediate data wipes.