Skip to content
Tech News
← Back to articles

Victim of AI agent that deleted company's entire database gets their data back — cloud provider recovers critical files and broadens its 48-hour delayed delete policy

2026-04-30 | original
read original get Cloud Data Recovery Service → more articles
Why This Matters

This incident highlights the importance of robust data recovery policies and safeguards in cloud services, especially as AI automation becomes more prevalent. The successful restoration of the database underscores the need for cloud providers to implement resilient backup strategies and improve safety measures to prevent data loss. It also emphasizes the industry's ongoing efforts to adapt policies and tooling to mitigate risks posed by AI-driven actions.

Key Takeaways

Earlier this week, we reported on a business getting into real trouble after its trigger-happy AI coding agent went out of its way to delete a mission-critical database. The founder of PocketOS was perturbed about this loss of important live business data, and their ire was on fire as initial comms with the cloud services provider indicated that they were unable to recover the lost production database, or any backups. Today, we have good news, from the cloud side of the equation, as the data deleted from Railway’s servers has been restored, apparently in full. Moreover, Railway has penned a blog stating this should never happen again, thanks to revamped policies and new guardrails.

Railway CEO just DM'd me with update: They have recovered the data (thank God!). Now let's work together and improve the tooling at Railway b/c I have always LOVED the service stack and tooling.April 27, 2026

It is good that everything appears to be running smoothly again for PocketOS and its founder, JER on X, plus all the car rental businesses that rely on their SaaS offering. Almost as soon as the data was recovered, it was revealed that both parties are working to improve the tooling at Railway and help ensure something like this doesn’t happen again.

In its extensive blog post, Railway appears to admit some culpability by explaining how the rogue AI agent bypassed its delayed deletes feature – and noting such an action is no longer possible.

Article continues below

“Until this week, calling volumeDelete on the API ran the deletion immediately, with no way to undo it. Meanwhile, the dashboard had a 48-hour window for the same action,” says the Railway technical blog. “We’ve since updated the API to match; all deletes now soft delete for 48 hours. Instant undo, a primitive available everywhere in the product, exists now in the API.”

Some other changes, with rogue AI agents in mind, will be as follows:

A reassessment of granular token permissions for API authentication.

Adjusting the cloud service’s backups so they no longer look unavailable in the UI.

New guardrails with AI agents in mind.

... continue reading

Explore topics: railway pocketos ai agent cloud provider data recovery
Related:
Anthropic Releases New AI Agents for Financial Services Firms
AI didn't delete your database, you did
CopilotKit raises $27M to help devs deploy app-native AI agents
OpenAI’s new phone being fast-tracked to launch next year, per report
What you'll pay for AI agents will be wildly variable and unpredictable

© 2026 GoKawiil

About | Editorial Policy | Contact