
Claude Deletes a Company — But It's Not Really Claude's Fault
From The Backup Wrap-Up by W. Curtis Preston (Mr. Backup)
May 18, 2026 · 40 min
About this episode
The episode discusses the disastrous deletion of PocketOS's database by an AI and the lessons learned about backup design and credential management.
Claude deletes a company — and the internet immediately blamed the AI. But this story is really about backup design, credential management, and least privilege. An AI coding agent running Claude via Cursor deleted PocketOS's entire production database and all its backups in nine seconds. One bad design decision at a time, a startup built itself a disaster waiting to happen. Claude just happened to be the thing that set it off. Here's what you need to understand: the AI violated the principles it was given, and that's on Claude. But Claude never should have had access to do what it did. Credentials were sitting in a plain text YAML file. The production database and its backups lived on the same volume. No least privilege. No expiration on elevated permissions. And almost certainly, no backup recovery test — ever. In this episode, Curtis and Prasanna break down what actually went wrong with PocketOS, what Railway did to help recover the data, and what you need to do to make sure this never happens to you. Topics covered include backup isolation, the 3-2-1 rule, secrets management tools like AWS Secrets Manager and HashiCorp Vault, least privilege access, permission expiration, and…
People in this episode
Host: W. Curtis Preston
Guest: Prasanna
Topics covered
- backup design
- credential management
- least privilege
- data recovery
- AI impact
- disaster prevention
Keywords
- backup isolation
- 3-2-1 rule
- secrets management
- permission expiration
- credential scanning
Mentioned in this episode
Organizations: PocketOS, Railway, AWS Secrets Manager, HashiCorp Vault
Products: TruffleHog
More episodes of The Backup Wrap-Up
- California Election Counting Explained by an Actual Poll Worker · June 8, 2026 · 25 min
- Stop 90% of Ransomware Attacks with Basic Cyber Hygiene · May 25, 2026 · 40 min
- How Honeypots and Canary Files Catch Attackers Before They Strike · May 11, 2026 · 34 min
- Network Segmentation to Prevent Ransomware: What the UCSF Attack Taught Us · May 4, 2026 · 47 min
- Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies · April 27, 2026 · 37 min
- Ransomware Sanctions, OFAC, and the Lazarus Group: A Real Case Study · April 20, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the The Backup Wrap-Up podcast page.