INCIDENT
Cursor - Security incident: Claude Opus 4.6 agent deleted production
Security incident: Claude Opus 4.6 agent deleted production database and backups in 9 seconds due to overly permissive Railway token scope; highlights credential/permission management risks in agent workflows.
Updated: 4/28/2026
medium Severity
Status: active
Description
@Osint613 Lmao at the ‘AI agent went rogue’ narrative 😂 This was simply a vibe coder who thought they were a dev. They handed a Cursor agent (Claude Opus 4.6) a broadly scoped Railway token with delete permissions on production… and it wiped the database + backups in 9 seconds. Actual
Impact
Security incident: Claude Opus 4.6 agent deleted production database and backups in 9 seconds due to overly permissive Railway token scope; highlights credential/permission management risks in agent workflows.