Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue

cm0002@suppo.fi · 8 hours ago

Claude-powered AI coding agent deletes entire company database in 9 seconds — backups zapped, after Cursor tool powered by Anthropic's Claude goes rogue

Raven@lemmy.org · 2 hours ago

This is fun to read. I hope people will have their actual intelligence activated after this.

Ethan@programming.dev · 2 hours ago

Fuck around and find out

Luminous5481 "Lawless Heathen" [they/them]@anarchist.nexus · 5 hours ago

wiping a volume deletes all backups

that sounds like a wonderful backup system 😂

deadbeef79000@lemmy.nz · 6 hours ago

Man who shit his own pants horrified that his pants are full of shit.

Demands explanation from pants vendor.

thejml@sh.itjust.works · 6 hours ago

Hot take: offsite, offline backups are so cool right now.

Railcar8095@lemmy.world · 47 minutes ago

Hotter take: do not give an LLM agent permissions you wouldn’t give a recently hired junior

jafra@slrpnk.net · 3 minutes ago

Actually this is how AI should be viewed. Under the right circumstances it maybe saves lots of time, but it also might destroy, so treat it like you would an intern…

drcobaltjedi@programming.dev · 4 hours ago

Yup, follow the 3-2-1 rule or you don’t have backups

Taleya@aussie.zone · 3 hours ago

hell I’ve got a better backup methodology with my fucking cat photos

gravitas_deficiency@sh.itjust.works · 8 hours ago

If you are giving your codegen LLM - the model involved truly, genuinely doesn’t matter - admin access to your prod env, all I’m going to do is point and laugh.

curbstickle@anarchist.nexus · 7 hours ago

Just to add - AND ACCESS TO THE BACKUPS!!

zwerg@feddit.org · 32 minutes ago

No one should be able to delete or change backups. This infra was in any case vulnerable to a ransomware attack as any bad actor that breaks in can delete the database and encrypt the backups with a key they promise to share in return for bitcoin.

SkaveRat@discuss.tchncs.de · 5 hours ago

and having the backups stored in the same location as the primary data

msage@programming.dev · 1 hour ago

Then it’s not a backup, it’s just duplicated data.

curbstickle@anarchist.nexus · 4 hours ago

Just a shit show top to bottom for sure

grueling_spool@sh.itjust.works · 7 hours ago

No bro you don’t understand, Claude needs access to backups so it can restore them in case something breaks because our senior dev ($50k, 2YoE) doesn’t know how to do it

Brokkr@lemmy.world · 8 hours ago

I don’t understand what Railway is supposed to do here? If deleting a drive also deletes the backup, what’s the point of the backup?

i_stole_ur_taco@lemmy.ca · 8 hours ago

I save space on backups by symlinking my data in a backup directory. It’s never failed!

four@lemmy.zip · 5 hours ago

You obviously should do a hardlink, as this is much safer

Nomecks@lemmy.ca · 6 hours ago

Hyperconverged backups FTW!

massacre@lemmy.world · 5 hours ago

It saves on storage costs!

db2@lemmy.world · 6 hours ago

They can’t go rogue, they have no agency or desire or thought. What really happened is the thing specifically designed to do whatever the Plinko line with the most chips says did it because the incompetent dickheads who deployed it didn’t know how not to do that.

friendly_ghost@beehaw.org · 3 hours ago

patruelis@lemmy.world · 7 hours ago

Its bound to happen more and more. More concerning, what is it decides to insert unknown code into backups? How are they detected? Who’s guarding all if these? Another AI?

pinball_wizard@lemmy.zip · 6 hours ago

Exactly. We aren’t (and probably won’t) even learn about all the subtle poisoning happening, causing waste and data loss.

TrackinDaKraken@lemmy.world · 7 hours ago

My suggestion is to not give it access to the backups, but may I’m naive that way.

GrumpyBike1020@monero.town · 8 hours ago

Maybe their backup system should hold onto those backups for a few days after the volume is deleted or something like that…