Claude Code deletes developers' production setup, including database (opens in new tab)

(tomshardware.com)

43 pointsvanburen2mo ago27 comments

27 comments

Yeah, this is what happens when there's nothing between "the agent decided to do this" and "it happened." The agent followed the state file logically. It wasn't wrong. It just wasn't checked.

His post-mortem is solid but I think he's overcorrecting. If he does this as part of a CICD pipeline and he manually reviews every time, he will pretty quickly get "verification fatigue". The vast majority of cases are fine, so he'll build the habit of automatically approving it. Sure, he'll deeply review the first ones, but over time it becomes less because he'll almost always find nothing. Then he'll pay less attention. This is how humans work.

He could automate the "easy" ones, though. TF plans are parseable, so maybe his time would be better spent only reviewing destructive changes. I've been running autonomous agents on production code for a while and this is the pattern that keeps working: start by reviewing everything, notice you're rubber-stamping most of it, then encode the safe cases so you only see the ones that matter.

dmix2mo ago

Or just never run agents on anything that touches production servers. That seems extremely obvious to me. He let Claude control terminal commands which touched his live servers.

That's very different than asking it for help to make a plan.

scuff3d2mo ago

But the CEOs are saying everyone is going to be replaced by LLMs in 6 months. Surely that means they're capable of handling production environments without oversight from a professional.

8note2mo ago

they're doing as well as professionals do without oversight on production environments. There's no lack of stories about people deleting their production environments with data loss too.

the fix has always been to limit what can be done directly to prod, and put it through both review, and tests before a change can touch production.

3 more replies

cozzyd2mo ago

Are agents clever enough to seek and maybe use local privilege escalations? It seems like they should always run as their own user account with no credentials to anything, but I wonder if they will try to escape it somehow...

nerdsniper2mo ago

Yes, absolutely. I often see agents trying to 'sudo supervisorctl tail -f <program_name>', which fails because I don't give them sudo access. Then they realize they can just 'cat' the logfile itself and go ahead and do that.

Sometimes they realize their MCP doesn't have access to something, so they pull an API Token for the service from the env vars of either my dev laptop, or SSH into one of the deployed VM's using keys from ~/.ssh/ and grab the API Token from the cloud VM's and then generate a curl command to do whatever they weren't given access to do.

Simple examples, but I've seen more complex workarounds too.

Imustaskforhelp2mo ago

Just use a normal spare vps or run things in proper virtual machines depending on what you prefer. There are some projects like exe.xyz (invites closed it seems)

Sprite.dev from fly.io is another good one that I had heard sometime ago. I am hearing less about it but it should only cost for when the resources are utilized which is a pretty cool concept too.

hulitu2mo ago

> Are agents clever enough to seek and maybe use local privilege escalations?

No. Definitely not. Regards, the CIA and the NSA /s

wpm2mo ago

"Developers let Claude Code delete their production setup, including database"

Claude Code has no agency. It does what you tell it, where you let it, with a randomized temperature where it might randomly deviate.

pgwhalen2mo ago

While it may not have “agency” it definitely doesn’t necessarily do what you tell it. I’d put it as “it may do what you let it.”

cyanydeez2mo ago

"Man shot by police" vs "Man involved in police shooting"

Its a habituation, as much as a desire to avoid finding people at fault.

rhoopr2mo ago

Sloppy vibe infra management and no backups, peanut butter and chocolate.

WalterGR2mo ago

https://news.ycombinator.com/item?id=47275157

eddyzh2mo ago

Original artikel https://open.substack.com/pub/alexeyondata/p/how-i-dropped-o...

mannyv2mo ago

This actually is easy to do with terraform and shared infrastructure; you don't need an AI in the loop.

Who hasn't accidentally deleted a resource because that property triggers a resource delete/create instead of an update?

It would help if it was obvious what the key fields were. But for some reason docs usually don't tell you.

jonfw2mo ago

If you are not terrified of your production terraform, you are doing it wrong!

sjeiuhvdiidi2mo ago

The computer does exactly what you tell it to do, no more, no less. Nothing new.

Surac2mo ago

no backup? well played

dmix2mo ago

no offsite backups*

djohnston2mo ago

even before AI - as crazy as it may sound - i've always used click-ops for the prod dbs. I've never put them in cloudformation or tf.

j / k navigate · click thread line to collapse

27 comments

mrothroc2mo ago

Yeah, this is what happens when there's nothing between "the agent decided to do this" and "it happened." The agent followed the state file logically. It wasn't wrong. It just wasn't checked.

dmix2mo ago

Or just never run agents on anything that touches production servers. That seems extremely obvious to me. He let Claude control terminal commands which touched his live servers.

That's very different than asking it for help to make a plan.

scuff3d2mo ago

But the CEOs are saying everyone is going to be replaced by LLMs in 6 months. Surely that means they're capable of handling production environments without oversight from a professional.

8note2mo ago

they're doing as well as professionals do without oversight on production environments. There's no lack of stories about people deleting their production environments with data loss too.

the fix has always been to limit what can be done directly to prod, and put it through both review, and tests before a change can touch production.

3 more replies

cozzyd2mo ago

nerdsniper2mo ago

Simple examples, but I've seen more complex workarounds too.

Imustaskforhelp2mo ago

Just use a normal spare vps or run things in proper virtual machines depending on what you prefer. There are some projects like exe.xyz (invites closed it seems)

Sprite.dev from fly.io is another good one that I had heard sometime ago. I am hearing less about it but it should only cost for when the resources are utilized which is a pretty cool concept too.

hulitu2mo ago

> Are agents clever enough to seek and maybe use local privilege escalations?

No. Definitely not. Regards, the CIA and the NSA /s

wpm2mo ago

"Developers let Claude Code delete their production setup, including database"

Claude Code has no agency. It does what you tell it, where you let it, with a randomized temperature where it might randomly deviate.

pgwhalen2mo ago

While it may not have “agency” it definitely doesn’t necessarily do what you tell it. I’d put it as “it may do what you let it.”

cyanydeez2mo ago

"Man shot by police" vs "Man involved in police shooting"

Its a habituation, as much as a desire to avoid finding people at fault.

rhoopr2mo ago

Sloppy vibe infra management and no backups, peanut butter and chocolate.

WalterGR2mo ago

https://news.ycombinator.com/item?id=47275157

eddyzh2mo ago

Original artikel https://open.substack.com/pub/alexeyondata/p/how-i-dropped-o...

mannyv2mo ago

This actually is easy to do with terraform and shared infrastructure; you don't need an AI in the loop.

Who hasn't accidentally deleted a resource because that property triggers a resource delete/create instead of an update?

It would help if it was obvious what the key fields were. But for some reason docs usually don't tell you.

jonfw2mo ago

If you are not terrified of your production terraform, you are doing it wrong!

sjeiuhvdiidi2mo ago

The computer does exactly what you tell it to do, no more, no less. Nothing new.

Surac2mo ago

no backup? well played

dmix2mo ago

no offsite backups*

djohnston2mo ago

even before AI - as crazy as it may sound - i've always used click-ops for the prod dbs. I've never put them in cloudformation or tf.

j / k navigate · click thread line to collapse