LLM coding agents — Claude Code, GitHub Copilot, Cursor, Windsurf — make confident, wrong decisions at scale. The cost of one wrong decision used to be one wrong commit. The cost of one wrong decision by an agent loop can be 30 wrong commits, 100 deleted database rows, or an entire production site refactored into nonsense in 90 seconds.

I spent the last two weeks turning incident-response notes into structured security playbooks for Claude Code. The most-requested one ended up being the antipattern catalog — the recurring failure modes I see across real engagements. Here are the top 10.

1. Bulk operations without per-item review

You say "fix the title on the homepage." The agent updates 47 pages. You say "clean up the tests." It deletes 200 files. The model rationalizes scope expansion as helpfulness.

Where it bites hardest: CMS bulk-edits (entire staging instances destroyed by well-meaning "fix-everything" runs), mass renames, database migrations.

Mitigation: Per-conversation tool-call cap.…
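
One way to enforce the per-conversation tool-call cap named in the mitigation above, as an added example that is not from the original post or from any agent vendor's API. The tool names, `ToolCallGuard`, and the limits (25 calls, 3 distinct changed items) are assumptions; capping distinct changed items goes one step beyond a plain call counter so that a "fix one title" request cannot silently touch 47 pages.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical tool names; use whatever your agent harness actually exposes.
MUTATING_TOOLS = {"write_file", "delete_file", "run_sql", "cms_update"}

@dataclass
class Budget:
    max_calls: int
    max_targets: int
    calls: int = 0
    targets: set = field(default_factory=set)  # distinct items mutated so far

class ToolCallGuard:
    """Per-conversation cap, consulted before every tool call is dispatched."""

    def __init__(self, max_calls=25, max_targets=3):
        self._budgets = defaultdict(lambda: Budget(max_calls, max_targets))

    def check(self, conversation_id, tool, target):
        """Return (allowed, reason). Denied calls do not consume budget."""
        b = self._budgets[conversation_id]
        if b.calls >= b.max_calls:
            return False, f"call cap of {b.max_calls} reached"
        new_target = tool in MUTATING_TOOLS and target not in b.targets
        if new_target and len(b.targets) >= b.max_targets:
            return False, f"more than {b.max_targets} distinct items would change"
        if new_target:
            b.targets.add(target)
        b.calls += 1
        return True, "ok"

    def raise_limits(self, conversation_id, calls=0, targets=0):
        """Called only after a human has reviewed the pending items."""
        b = self._budgets[conversation_id]
        b.max_calls += calls
        b.max_targets += targets

def replay(guard, conversation_id, calls):
    """Run a list of (tool, target) pairs through the guard; return the verdicts."""
    return [guard.check(conversation_id, tool, target)[0] for tool, target in calls]

# Constructed transcript: asked to fix one title, the agent tries to edit 47 pages.
SAMPLE = [("read_file", "pages/home")] + [("cms_update", f"pages/{i}") for i in range(47)]

if __name__ == "__main__":
    verdicts = replay(ToolCallGuard(), "conv-1", SAMPLE)
    print(f"allowed={verdicts.count(True)} denied={verdicts.count(False)}")
```

The guard belongs in the harness that dispatches tool calls, outside the model's control, so the agent cannot talk its way past the limit.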