AI didn't delete your database, you did

Posted by Brajeshwar 5 days ago

AI didn't delete your database, you did(idiallo.com)

544 points | 302 commentspage 4

orochimaaru 4 days ago|

So the question of “why does a public facing api that can delete your database even exit”?

If you worked in cloud environments - every database had public facing api that can delete it.

For the rest or it - yeah, running autonomous pipelines in production which decide what to run and what not to run seems fine until it isn’t.

But every database deployed in a cloud environment has an api that can delete it. Even if you say you’re running on vms - there exist api that can delete the disk, the vm, the network config, etc.

__mharrison__ 5 days ago||

I think this goes to a broader point: developers aren't necessarily hired to write code.

They're hired to be responsible for some part of the product.

Introducing AI doesn't remove that responsibility.

Folks tend to focus on the code and the tools they're using (maybe I'm cynical from years in the industry). I don't think your boss wants to do your job, even if they could use AI to do it. I think your boss wants to have a headcount, and he wants the headcount to be responsible for the product.

coldtea 4 days ago||

Doesn't matter. He did it through the use of AI, and AI, despite explicitly told otherwise, deleted the database.

Both he should learned his lesson AND AI should not be trusted.

pier25 4 days ago||

AI companies: here's a knife so you can automate bread cutting!

User: I tried to cut some bread and it cut my finger instead.

AI companies: not my problem!

HN: The AI didn't cut your finger, you did, idiot.

iamleppert 5 days ago||

This has been covered elsewhere, but if you swear at Claude Anthropic will automatically bump you down into a lower quality model. It was found in the recent source code leak of Claude Code. So that's probably what happened to the guy who's Cursor deleted his entire production database.

It just goes to show, if you're a jerk, expect to be treated like one (even by an AI model)! Be polite, people.

robeym 4 days ago||

I believe this is in response to PocketOS. When I read the original post, I was trying to figure out how they even built a workflow that had AI so close to the self-destruct button. This post's explanation about it probably being fully vibe-coded makes sense. How else would the system be so fragile and for the agent to have such far reach? They built a house of cards.

lokar 5 days ago||

This applies to all infra.

Why can you delete a network load balancer that is still getting traffic?

Why can you delete a VM that is getting non-trivial network traffic?

Why can you delete a database that has sessions / requests in the last hour?

Why can you drop a table that has queries in the last hour?

traderj0e 4 days ago|

Someone will add safeguards for all that stuff and it ends up making it way harder to get real work done. I know in theory all of it can be done well, but in practice it's harder than it might sound.

I've seen this at work the most with slow rollouts. They said it was for prod only, then it became applied to staging and dev somehow. They said you can force push in emergencies, but approximately 0 people on any given team know how to do this reliably, and it still takes way longer even in --force --now --breakglass --yesimeanit mode. So the end result is longer MTTR. It maybe prevents some kinds of outages, but also you're less likely to manually monitor a rollout when it takes longer.

lokar 4 days ago||

If you automate it all it’s fine. The automation has no problem waiting around for traffic to drain out of something before decommissioning it.

traderj0e 4 days ago||

Then you're back to square 1. The only way to win here is to require user supervision and make it simple and easy to use.

lokar 4 days ago||

Expanding to dev, and not actually having people available on-call to deal with emergencies seems like an implementation problem.

The basic setup has worked well for me at several companies with many large teams on-call.

tantalor 5 days ago||

Why do we even have that lever?

bcjdjsndon 5 days ago||

"Can't blame your tools" doesn't apply the same to software. I've never heard a coder say it either. Don't blame your compiler? Don't blame your os? These seem needlessly dogmatic

More comments...