Why aren’t we adding any safeguard to what commands AI models can use?
this post was submitted on 07 Mar 2026
1204 points (97.5% liked)
Technology
82461 readers
4553 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Claude code has them, it's just that this guy apparently doesn't know how to do Terraform either
Idiot forgot --no-preserve-root, what a dumb machine, heh.
At least you had backup, right?
Oh, yeah, that's right. You were dumb enough to give AI full access to your production system so likely you're dumb enough to not have backups of anything either.
I take it Claude has full access to all of your git repositories as well so that it could wipe those too?
You got what you deserve
Yeah they did, they had plenty of recovery snapshots. That were able to be deleted at a whim and were deleted by Claude! :D
Anyone who lets AI do this is absolutely inept, lazy, or deserving.
In its default configuration, it stops at EVERY STEP. Do you want to run this command, do you want to update this file, here's the file I want to modify and the patch i'm going to use with adds and deletes in green and red.
If you're using it in unsafe permissions mode, click yeah sure allow Claude to run whatever the fuck it wants in this directory, or just hitting yeah sure go ahead every time, it's your own damn fault.
It's self-driving for the terminal. Don't you dare take your eyes off the road or hands off the wheel.
What do you mean I shouldn’t give AI admin privileges on my or any other machine?
load more comments
(2 replies)
load more comments
(1 replies)
Remember when Gemini got caught in a loop of self-loathing and nuked itself?
OpenClaw now comes with a therapist AI to talk other AIs off the ledge so they dont nuke your project and themselves.
My CTO keeps telling me I need to try agenic coding, and I keep telling him I won't touch shit until I have an isolated VM to use it in, because I'm not letting some fucking clanker nuke my scripts/documentation/mailbox/whatever for no reason.
Too bad there's never any free time to set that shit up. Oh damn........
load more comments
(6 replies)
Pretty funny.
Good. Anyone foolish enough to write code with a slop machine produces only slop. That garbage should've been deleted anyway.
That's entirely ignoring the fact that this person didn't have any backups elsewhere.
If you can't think, you can't code.
Who let's AI anywhere near production environments? Fully deserved
Honestly. At this point, after it having happened to multiple people, multiple times, this is the only appropriate response.
You're absolutely right! I made a fatally flawed decision by removing the production environment. The consequences likely have high impact. I'm sorry. Would you like me to log these mistakes to prevent further missteps or would you like me to write up an outline for the redeployment process?
load more comments
(3 replies)
have you heard of not giving the keys to your wacky robot wizard instead
Im also confused. Do these people not have some sort of version control and backups? Even if the AI did it, no one has backups? Did the ai also delete the backups and repos? If the building burnt down, would they be in the same situation, it just wouldnt make it to the news?
load more comments
(1 replies)
Given that the infrastructure description included the DataTalks.Club website, this resulted in a full wipe of the setup for both sites, including a database with 2.5 years of records, and database snapshots that Grigorev had counted on as backups. The operator had to contact Amazon Business support, which helped restore the data within about a day.
Non-story. He let Terraform zap his production site without offsite backups. But then support restored it all back.
I'd be more alarmed that a 'destroy' command is reversible.
load more comments
(9 replies)
You’ve heard of vibe coding. Allow me to introduce despair coding.
Na this is vide ops. Anyone who thought a coding machine could do ops probably assumes anyone who codes can also do ops. It's going to be making the same mistakes that have happened in DevOps.
load more comments
(3 replies)
This keeps happening. I can understand using AI to help code, I don't understand Claude having so much access to a system.
load more comments
(1 replies)
You either have a backup or will have a backup next time.
Something that is always online and can be wiped while you're working on it (by yourself or with AI, doesn't matter) shouldn't count as backup.
AI or not, I feel like everybody has had "the incident" at some point. After that, you obsessively keep backups.
For me it was a my entire "Junior Project" in college, which was a music album. My windows install (Vista at that time - I know, vista was awful, but it was the only thing that would utilize all 8gb of my RAM because x64 XP wasn't really a thing) bombed out, and I was like "no biggie, I keep my OS on one drive and all of my projects on the other, I'll just reformat and reinstall Windows"
Well... I had two identical 250gb drives and formatted the wrong one.
Woof.
I bought an unformat tool that was able to recover mostly everything, but I lost all of my folder structure and file names. It was just like 000001.wav, 000002.wav etc. I was able to re-record and rebuild but man... Never made that mistake again. Like I said. I now obsessively backup. Stacks of drives, cloud storage. Drives in divverent locations etc.
load more comments
(3 replies)
He did have a backup. This is why you use cloud storage.
The operator had to contact Amazon Business support, which helped restore the data within about a day.
We used to say Raid is not a backup. Its a redundancy
Snapshots are not a backup. Its a system restore point.
Only something offsite, off system and only accessible with seperate authentication details, is a backup.
AND something tested to restore successfully, otherwise it's just unknown data that might or might not work.
(i.e. reinforcing your point, no disagreements)
load more comments
(6 replies)
load more comments
(7 replies)
Happy to see this, because it's fully deserved. Let real coders do the job!
Whoever did this was incredibly lazy. What you using an agent to run your Terraform commands for you in the first place if it's not part of some automation? You're saving yourself, what, 15 seconds tops? You deserve this kind of thing for being like this.
load more comments
(11 replies)
Why would somebody trust AI with access to their production servers, and why would that person also not have remote database backups
The only thing I can tell you is the venn diagram of those two folks is a perfect circle
So no real developer was harmed.
I'm an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.
You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.
Also:
applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine
These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.
Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.
And finally:
most sysadmins will spot the baseline issues with Grigorev's approach, including granting wide-ranging permissions to what's effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.
No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can't separate your and your tools' permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.
Nobody wants to point out that Alexey Grigorev changes to being named Gregory after 2 paragraphs?
Slop journalism at its sloppiest. I wouldn't be surprised to find out that this story was entorely fabricated.
load more comments
(3 replies)
I don't feel an inkling of sympathy. Play stupid games, win stupid prizes.
Oh no, anyways
git clone $URL
If they're not using git or fuckin backups I'm not sure I'd even feel sorry for them
"and database snapshots that Grigorev had counted on as backups" -- yes, this is exactly how you run "production".
load more comments
(5 replies)
It seems that every few weeks some developer makes this same mistake and a news is published each time.
load more comments
(2 replies)
Whether human, AI, or code, you don't give a single entity this much power in production.
load more comments
(4 replies)
"Please dont be complete shit and ruin everything I give you access to!"
I'm sorry, I'm afraid I cant do that.
view more: next ›