Posted by Brajeshwar 5 days ago

AI didn't delete your database, you did (idiallo.com)
544 points | 302 comments (page 2)
mattgreenrocks 4 days ago|
The most exasperating thing about the incident is how much of the media either tried to pin it on AI and/or Railway. The whole thing only took place because the guy FAFO’d by having AI work with prod directly.

Yet the narrative was mostly not about accountability for him. If I was a dumbass and deleted prod and wrote a post about it, nobody would care. Put an AI in there and all of the sudden it’s newsworthy. Ridiculous.

sofixa 4 days ago||
The issue isn't that there is a delete endpoint (realistically, there always will be a way for a rogue actor to delete data or code by overwriting it, or running a Terraform destroy, or whatever).

The core issue is that the LLM had access to perform that action. Because it's by definition non deterministic, and you never know what it can decide to do, you need to have strict guardrails to ensure they can never do something it shouldn't. At the very least, strict access controls, ideally something more detailed that can evaluate access requests, provide just in time properly scoped access credentials, and potentially human escalation.

cik 4 days ago||
The whole "AI deleted my database" fiasco is being looked at the wrong way. Why did tooling have access to alter or drop? Why did tooling, in any way, have more permissions than were minimally necessary to do the job?

Decades ago we embraced POLA. What happened to basic hygiene? Sure the agent "screwed up", but it never should have had this access in the first place.
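The two comments above (sofixa's call for strict access controls, just-in-time scoped credentials and human escalation, and cik's point that tooling should never hold more permission than the job minimally needs) describe a gate between the agent and its tools. The following is an added example of such a gate, not code from the thread, from Railway or from any vendor; the names ToolGate, issue_scoped_token, the tool names and the scope strings are assumptions chosen for illustration.

```python
"""Gating agent tool calls with least privilege, just-in-time scoped
credentials and human escalation for destructive actions.

Added example for the discussion above; ToolGate, issue_scoped_token,
the tool names and the scopes are assumptions, not any vendor's API.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed catalogue: the scope each tool requires. Destructive tools
# need an admin scope that a routine agent task is never granted.
TOOL_SCOPES = {
    "db.select": {"db:read"},
    "db.insert": {"db:write"},
    "db.drop_table": {"db:admin"},
    "service.delete": {"infra:admin"},
}
DESTRUCTIVE_TOOLS = {"db.drop_table", "service.delete"}


@dataclass(frozen=True)
class ScopedToken:
    scopes: frozenset
    expires_at: float
    mac: str  # HMAC over scopes + expiry, so scopes cannot be widened later


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False


class ToolGate:
    """Sits between the agent and every tool. The agent never holds a raw
    admin credential, only tokens this gate issued for the current task."""

    def __init__(self, approver=None, ttl_seconds=300):
        self._key = secrets.token_bytes(32)  # per-process signing key (demo)
        self.approver = approver             # callable(tool, args) -> bool
        self.ttl = ttl_seconds
        self.audit = []                      # every decision, allowed or not

    def _mac(self, scopes, expires_at):
        msg = f"{sorted(scopes)}|{expires_at!r}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_scoped_token(self, task_scopes):
        """Just-in-time credential carrying only what the task needs."""
        scopes = frozenset(task_scopes)
        expires_at = time.time() + self.ttl
        return ScopedToken(scopes, expires_at, self._mac(scopes, expires_at))

    def _token_valid(self, token):
        expected = self._mac(token.scopes, token.expires_at)
        return (hmac.compare_digest(expected, token.mac)
                and time.time() < token.expires_at)

    def request(self, token, tool, args=None):
        """Evaluate one tool call, record it, and return the Decision."""
        args = args or {}
        decision = self._evaluate(token, tool, args)
        self.audit.append((tool, args, decision))
        return decision

    def _evaluate(self, token, tool, args):
        if tool not in TOOL_SCOPES:
            return Decision(False, f"unknown tool {tool!r}")
        if not self._token_valid(token):
            return Decision(False, "token invalid or expired")
        missing = TOOL_SCOPES[tool] - token.scopes
        if missing:
            # Scopes are fixed and signed at issue time: the agent cannot
            # talk its way into more access mid-task.
            return Decision(False, f"missing scopes {sorted(missing)}")
        if tool in DESTRUCTIVE_TOOLS:
            if self.approver is None:
                return Decision(False, "destructive action needs human approval",
                                needs_human=True)
            if not self.approver(tool, args):
                return Decision(False, "human approver rejected", needs_human=True)
            return Decision(True, "destructive action approved by human")
        return Decision(True, "within scope")


def demo():
    """Constructed walk-through: a read-only task token cannot drop a table,
    a token with widened scopes fails the MAC check, and even an admin
    token stops at the human when no approver is configured."""
    gate = ToolGate()
    task = gate.issue_scoped_token({"db:read"})
    gate.request(task, "db.select", {"sql": "SELECT count(*) FROM users"})
    gate.request(task, "db.drop_table", {"table": "users"})
    widened = ScopedToken(frozenset({"db:admin"}), task.expires_at, task.mac)
    gate.request(widened, "db.drop_table", {"table": "users"})
    admin = gate.issue_scoped_token({"db:admin"})
    gate.request(admin, "db.drop_table", {"table": "users"})
    return [(tool, d.allowed, d.reason) for tool, _, d in gate.audit]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The point of the design is that the agent's only credential is a short-lived token whose scopes were decided by the task, not by the agent, and that destructive tools are a separate class which the gate never executes on its own authority. The audit list doubles as the detection record: a run that shows repeated denied requests for `db.drop_table` is exactly the signal an operator wants to see before anything is lost.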

xmcp123 4 days ago|
It actively found the wrong API key, that gave it the access it needed...
cik 4 days ago||
Still sounds like a basic security issue to me.
bluejay2387 4 days ago||
Yes, the problem was having a system where the AI could delete the database.
pizza234 4 days ago|
Mentioned in another comment, but the problem was that the sysadmins believed that the permissions wouldn't allow so, and that the AI displayed considerable autonomy in finding and exploiting the access control weakness - this was not just a dumb "drop database".
HarHarVeryFunny 4 days ago||
Yes, of course any company is responsible for what they ship, regardless of what tools were used to develop it.

However, at least in the US, it is usual for companies to advise against use of their products in a way that may cause harm, and we certainly don't see that from the LLM vendors. We see them claim the tech to be near human level, capable of replacing human software developers (a job that requires extreme responsibility), and see them withholding models that they say are dangerous (encouraging you to think that the ones they release are safe).

Where are the warnings that "product may fail to follow instructions", and "may fail to follow safety instructions"? Where is the warning not to give the LLM agency and let it control anything where there are financial/safety/etc consequences to failure to follow instructions?

davidatbu 4 days ago|
Well, off the top of my head, both chatgpt.com and Gemini have text on their home page to the effect of "AI can make mistakes". I'll bet a few bucks such copy can be found in other places, including the terms of service.
HarHarVeryFunny 4 days ago||
Sure, but bear in mind that in the US a fridge comes with a warning not to stand on top of the fridge door ...

"AI can make mistakes" is a bit quaint given that LLMs sometimes completely ignore what you say, and do the exact opposite. "Yes, I deleted the database. I shouldn't have done that since you explicitly told me not to. I won't do it again." (five minutes later: does it again).

I think the API terms of use is where this would be most needed, with something a lot more explicit about the potential danger than "AI can make mistakes". We are only at the beginning of this - agentic AI - no doubt lawsuits will eventually determine the level of warnings that get included, and who is liable when failures occur despite product being used as recommended.

blurbleblurble 4 days ago||
Maybe the reason this is so controversial is that people have stopped thinking about "AI" as a bunch of software, just like any other software. If that's you, stop while you still can, you've swallowed a nasty hook and your agency is on the line.
mobeigi 4 days ago||
I've made the same exact SVN mistake. My first week in my first Software Engineering job, accidentally deleted trunk and my team lead had to scramble to fix my mistake.

I will always remember how he told me "Don't worry, it happens fairly often".

p91paul 4 days ago||
The article author did not even bother to read the article they were basically replying to. Otherwise he would have noticed that the main points the OP was complaining about were not about the agent, but the hosting provider providing an API allowing destructive operations easily, using tokens with no scopes, with backups stored in the same volume as main data, etc. So this article is actually agreeing with the complaints of the original article, just more generically and without spending an effort on it, doing that with a tone that implies the original article writer is an idiot.
Uhhrrr 4 days ago|
If you look at the article, its title is, "An AI agent deleted our production database. It confessed in writing." To me this seems to be pretty clearly focusing on the AI agent. Then if you read the article, it attributes a lot of actions to the agent, and zero responsibility to the humans running the agent. It seems to be an anti-ad for the person's business.
p91paul 4 days ago||
I did not say they did not read the title of the article. They clearly did. It's the rest of the content that was lost, such as the long focus on the sloppiness of the API provider.
Uhhrrr 3 days ago||
Looking again at the article, I see that there are about 5 paragraphs about Railway and 30 about the agent (and, again, zero reflection about their own culpability).
bsimpson 4 days ago||
> The terms we use, like "thinking" and "reasoning," may look like reflection from an intelligent agent. But these are marketing terms slapped on top of AI.

One of my AI epiphanies was the realization that when an AI task takes 5 minutes, it's not that it takes 5 minutes to run, it's that you're waiting in a queue for the first 4:45.

It's especially maddening because the queues are poorly implemented, and will drop your request if the frontend loses focus.

rvz 4 days ago|

   When AI makes no mistakes: "My work is 100% done with AI".

   When AI makes a mistake and deletes your database: "That was a human error, the AI did not do it!"

In both cases YOU are responsible for the mistakes and output that the AI is generating, just like when using autopilot on a Tesla vehicle, YOU are responsible for operating the vehicle on autopilot when driving and using assisted driving.