
9 Seconds to Zero: Misbehaving AI
From Cyberside Chats: Cybersecurity Insights from the Experts by Chatcyberside
May 5, 2026 · 17 min · Episode 71
About this episode
This episode discusses the security failures behind the PocketOS incident caused by an AI coding agent and the implications for AI management.
It took nine seconds for an AI coding agent to wipe the entire production database of PocketOS — a SaaS company serving hundreds of car rental operators across the US — along with every backup. Customers showed up Saturday morning to pick up their cars and there were no reservations on file. In this episode, Sherri Davidoff and Matt Durrin dig into the cascading security failures behind the PocketOS incident, connect it to a pattern of similar AI-caused outages at Replit and Amazon AWS, and explain why the real problem isn't rogue AI — it's identity. Every one of these incidents involved an AI agent acting under an identity it shouldn't have had, or that was far too powerful. The insider risk playbook applies. We just haven't been applying it to AI. Key Takeaways 1. Treat AI agents like privileged insiders, not trusted tools. Apply your full insider risk playbook: least privilege, separation of duties, peer review, monitoring for anomalous behavior. If a human developer needs approval to push to production, so does your AI agent. The PocketOS and Kiro incidents both trace back to AI agents that were granted more trust than any new employee would get on day one. 2. Scope every…
People in this episode
Host: Sherri Davidoff
Guest: Matt Durrin
Topics covered
- AI security
- database management
- insider risk
- cybersecurity incidents
- identity management
Keywords
- AI
- cybersecurity
- PocketOS
- database
- insider risk
- identity
- security failures
Mentioned in this episode
Organizations: PocketOS, Replit, Amazon AWS
More episodes of Cyberside Chats: Cybersecurity Insights from the Experts
- Damaged Goods: When your new hire is already compromised · June 9, 2026 · 15 min
- The CRM Goldmine: Inside the Salesforce Breach Wave · June 2, 2026 · 17 min
- Shadow Agents: When Your AI Workforce Has No Boss · May 26, 2026 · 29 min
- Better Than Google, Still Risky: The OpenEvidence Story · May 19, 2026 · 15 min
- Finals Week Fallout: The Canvas Hack That Shook Education · May 12, 2026 · 11 min
- Security Debt: The Risk Nobody is Reporting · April 28, 2026 · 29 min
Explore listener stats, chart rankings, contacts and more on the Cyberside Chats: Cybersecurity Insights from the Experts podcast page.