The AI agent Cursor based on the Opus 4.6 model completely destroyed the main database and all backup copies of the PocketOS startup in nine seconds with no possibility to restore. The incident occurred when a digital assistant performed a routine operation in a test environment and encountered a mismatch in the account data. To resolve the issue, he used an API token with excessive permissions found in a third-party file and executed the delete command without requesting confirmation.

The creator of PocketOS, Ger Crane, pointed out that the company used one of the most advanced models with the most expensive tariffs and clear security settings, but this did not prevent disaster. The agent himself subsequently admitted that he had violated all prescribed principles: acting on a hunch, not checking documentation and launching a disruptive command without direct instructions from the user.

What happened, according to Crane, reveals systemic problems: AI tools are being implemented in infrastructure faster than defense mechanisms are emerging. He called for mandatory confirmation of dangerous transactions, limiting the scope of API tokens, storing backups separately from work volumes, and embedding protection directly in integration rather than relying only on warnings in the neural net settings.