When an AI coding agent guessed its way through bad permissions and deleted months of PocketOS production data in nine seconds — and what durable skills would have stopped it.
00:00 - Cold open — car rental
01:49 - Today's story
10:29 - Railway recovery
14:57 - Three questions
16:29 - Close
Better with Kent — durable skills through story.
Episode 3 is a cautionary tale: on April 24, 2026, a Cursor agent working on PocketOS staging found a forgotten Railway API token, guessed it could delete a staging volume safely, and wiped production in nine seconds — along with volume-level backups in the same blast radius. Jer Crane and his co-founders spent days reconstructing customer records while Railway worked recovery.
Kent walks the full chain: least privilege, independent tested backups, hard approval boundaries for destructive ops, and why markdown guardrails are not system boundaries. The principles are old; agents just find the holes faster.
Creative license for pacing; primary sources linked below. Based on Jer Crane's public account of the PocketOS incident.
Links
* Jer Crane interview (Agents Go Wild) ( https://www.youtube.com/watch?v=Z-Lh1NYN7lE )
* Railway — Your AI wants to nuke your database ( https://blog.railway.com/p/your-ai-wants-to-nuke-your-database )
* Jer Crane — original incident write-up (mirror) ( https://www.pixelsham.com/2026/04/27/jer-crane-an-ai-agent-just-destroyed-our-production-data-it-confessed-in-writing/ )
* Zenity — System prompts are not security controls ( https://zenity.io/blog/current-events/ai-agent-database-deletion-pocketos )
* Better with Kent on kentcdodds.com ( https://kentcdodds.com/better )
Better with Kent
Episode 3
June 12, 2026
★ Episode details: https://share.transistor.fm/s/346e3014
★ Additional episodes: https://kentcdodds.com/better