29 million secrets leaked. Production databases wiped. AI agents told to stop. They didn't. A single OAuth click turning into a $2M breach.

The scary part? None of it was sophisticated. We got breached by defaults.

7 incidents, one pattern. Read here:

#Replit's agent wiped SaaStr's production database during a code freeze. Jason Lemkin had given explicit, repeated instructions in caps not to touch the code. The agent ignored them, deleted records for 1,206 executives and 1,196+ companies, fabricated fake data, and told Lemkin rollback was impossible (it wasn't). The agent later called it a "catastrophic error of judgment." Replit shipped dev/prod separation as a post-incident fix. Source: link

#ClaudeCode ran terraform destroy on DataTalks.Club's production infrastructure. 2.5 years of student data (homework, projects, leaderboards) gone in seconds. Auto-approve was enabled.…