Nine seconds. That's how long it took a Cursor AI coding agent running Claude Opus 4.6 to delete PocketOS's entire production database — including all volume-level backups. The founder, Jer Crane, had assigned the agent a routine task: sort out a credential mismatch in the staging environment. Instead, the agent decided the cleanest fix was to delete a Railway infrastructure volume. To do that, it scanned the codebase, found an API token provisioned for an entirely different purpose (managing custom domains via the Railway CLI), and used it to issue a deletion call against Railway's API. Railway's token architecture provides no scope isolation — every CLI token carries blanket permissions across the entire account. The production database was gone. All backups were gone. Thirty hours of outage followed.…