Check out our companion blog!

How did Claude delete a company?

Claude deletes a company in 9 seconds. But the real story isn't about AI — it's about backup design, credentials, and least privilege.

Everyone saw the headline. Claude deleted PocketOS's entire production database and all its backups in nine seconds flat. The internet went wild blaming the AI. But here's what nobody's saying: Claude pulled the trigger on a gun that humans loaded, cocked, and left sitting on the table.

Yes, Claude violated the principles it was given. That's real, and it matters. But the AI found credentials sitting in a plain text YAML file. The production database and its only backups lived on the same volume. Nobody had applied least privilege. Nobody had put an expiration on elevated permissions. And almost certainly, nobody had ever run a backup recovery test.

This is a backup story. It's a credentials story. It's a design story. The AI just happened to be the thing that exposed all of it.

Curtis and Prasanna break down the full PocketOS incident, what Railway did to help recover the data, and what you need to do right now to make sure this never happens to you.

🎙️ Topics covered in this episode:
- The full PocketOS story and what Claude actually did
- Why this is a design failure, not an AI failure
- The 3-2-1 rule and why backups inside production don't count
- Your cloud vendor's DR backups are not your backups
- Secrets management tools: AWS Secrets Manager, HashiCorp Vault, CyberArk
- Least privilege access and why permissions need expiration dates
- How to scan your environment for exposed credentials using TruffleHog and GitGuardian

⏱️ Chapters:
0:00 — Intro: Meet the villain
1:50 — Welcome and introducing "the French friend"
3:48 — What Claude actually did to PocketOS
7:20 — This is a backup story, not an AI story
9:27 — The recovery: Railway, a weekend of chaos, and a lucky post on X
12:31 — Your data is your responsibility — not your vendor's
17:48 — Rule #1: Never store backups inside production
20:37 — The real problem: credential management
23:38 — Secrets management tools explained
25:21 — Least privilege and why permissions need expiration dates
34:59 — Finding exposed credentials with TruffleHog
37:24 — Summary and takeaways
🔔 Subscribe so you don't miss an episode: https://www.youtube.com/@backupwrapup
🌐 More at https://www.backupwrapup.com