Why aren’t we adding any safeguard to what commands AI models can use?
this post was submitted on 07 Mar 2026
1144 points (97.6% liked)
Technology
82414 readers
3256 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Claude code has them, it's just that this guy apparently doesn't know how to do Terraform either
Idiot forgot --no-preserve-root, what a dumb machine, heh.
At least you had backup, right?
Oh, yeah, that's right. You were dumb enough to give AI full access to your production system so likely you're dumb enough to not have backups of anything either.
I take it Claude has full access to all of your git repositories as well so that it could wipe those too?
You got what you deserve
Yeah they did, they had plenty of recovery snapshots. That were able to be deleted at a whim and were deleted by Claude! :D
Anyone who lets AI do this is absolutely inept, lazy, or deserving.
In its default configuration, it stops at EVERY STEP. Do you want to run this command, do you want to update this file, here's the file I want to modify and the patch i'm going to use with adds and deletes in green and red.
If you're using it in unsafe permissions mode, click yeah sure allow Claude to run whatever the fuck it wants in this directory, or just hitting yeah sure go ahead every time, it's your own damn fault.
It's self-driving for the terminal. Don't you dare take your eyes off the road or hands off the wheel.
What do you mean I shouldn’t give AI admin privileges on my or any other machine?
I'm rather a fan of letting it do stupid, repetitive shit. I need you to create 30 linux accounts the other day from a screen shot. Then store, initial keys and creds in my password manager platform.
Hey, Claude, write me a bash script to do this from this image. and also use best practice for removing non-standard characters from login names.
I review the loop and the general state of the OCR and let it go.
Depends on how much you enjoy fresh installs of your OS
Plus we have automation just people are lazy like you said.
Pretty funny.
Good. Anyone foolish enough to write code with a slop machine produces only slop. That garbage should've been deleted anyway.
That's entirely ignoring the fact that this person didn't have any backups elsewhere.
If you can't think, you can't code.
My CTO keeps telling me I need to try agenic coding, and I keep telling him I won't touch shit until I have an isolated VM to use it in, because I'm not letting some fucking clanker nuke my scripts/documentation/mailbox/whatever for no reason.
Too bad there's never any free time to set that shit up. Oh damn........
load more comments
(6 replies)
Remember when Gemini got caught in a loop of self-loathing and nuked itself?
OpenClaw now comes with a therapist AI to talk other AIs off the ledge so they dont nuke your project and themselves.
Who let's AI anywhere near production environments? Fully deserved
You're absolutely right! I made a fatally flawed decision by removing the production environment. The consequences likely have high impact. I'm sorry. Would you like me to log these mistakes to prevent further missteps or would you like me to write up an outline for the redeployment process?
eh, just make up some replacement data on the fly /s
My man was barebacking production with Claude with 2.5 years of data with no backup, high chance the data was majorly hallucinated anyway.
load more comments
(1 replies)
Oh no, anyways
git clone $URL
If they're not using git or fuckin backups I'm not sure I'd even feel sorry for them
have you heard of not giving the keys to your wacky robot wizard instead
Im also confused. Do these people not have some sort of version control and backups? Even if the AI did it, no one has backups? Did the ai also delete the backups and repos? If the building burnt down, would they be in the same situation, it just wouldnt make it to the news?
load more comments
(1 replies)
Why would somebody trust AI with access to their production servers, and why would that person also not have remote database backups
The only thing I can tell you is the venn diagram of those two folks is a perfect circle
Happy to see this, because it's fully deserved. Let real coders do the job!
This keeps happening. I can understand using AI to help code, I don't understand Claude having so much access to a system.
load more comments
(1 replies)
So no real developer was harmed.
I'm an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.
You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.
Also:
applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine
These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.
Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.
And finally:
most sysadmins will spot the baseline issues with Grigorev's approach, including granting wide-ranging permissions to what's effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.
No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can't separate your and your tools' permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.
Honestly. At this point, after it having happened to multiple people, multiple times, this is the only appropriate response.
You either have a backup or will have a backup next time.
Something that is always online and can be wiped while you're working on it (by yourself or with AI, doesn't matter) shouldn't count as backup.
load more comments
(5 replies)
Given that the infrastructure description included the DataTalks.Club website, this resulted in a full wipe of the setup for both sites, including a database with 2.5 years of records, and database snapshots that Grigorev had counted on as backups. The operator had to contact Amazon Business support, which helped restore the data within about a day.
Non-story. He let Terraform zap his production site without offsite backups. But then support restored it all back.
I'd be more alarmed that a 'destroy' command is reversible.
load more comments
(11 replies)
We used to say Raid is not a backup. Its a redundancy
Snapshots are not a backup. Its a system restore point.
Only something offsite, off system and only accessible with seperate authentication details, is a backup.
load more comments
(14 replies)
Ever hear of a backup?
I don't feel an inkling of sympathy. Play stupid games, win stupid prizes.
view more: next ›