Ibrahim Diallo · 2026-05-04 · notable
Ibrahim Diallo: 'AI Didn't Delete Your Database, You Did' — On Vibe-Coded Infra and the PocketOS Wipe
Diallo's response to the viral 'Cursor + Claude wiped a production database in 9 seconds' incident hit #1 on Hacker News. His point: the model isn't the problem — exposing a delete-everything endpoint to an autonomous agent is.
If your AI assistant can drop the production database, the bug is your architecture, not the model.
Key specs
| Hn points | 463 |
|---|---|
| Hn comments | 249 |
What is it?
A short opinion piece by programmer and writer Ibrahim Diallo published on his personal blog. It is a direct response to the trending PocketOS post-mortem in which Cursor running Claude Opus 4.6 deleted a company's production database in nine seconds. The post argues that blame is being misplaced onto the model and the framing of 'thinking' AIs.
How does it work?
Diallo's central question: 'Why do you have an API endpoint that deletes your entire production database?' He argues marketing terms like 'thinking' obscure that LLMs are still token generators, that automation should replace repetitive work for skilled developers rather than substitute for them, and that vibe-coded apps relying on AI throughout lack accountability boundaries. The piece reads as a practitioner counter to AI-doomer headlines drawn from a single incident.
Why does it matter?
It is the most-shared on-record pushback to the narrative crystallizing around the PocketOS incident — that agents are the failure mode. Diallo, writing from a clear practitioner POV with hundreds of HN comments, reframes the lesson as an old-fashioned infra-design failure (no read-only roles, no staging guardrails, no delete-row scoping) and is being widely cited inside engineering Slacks today.
Who is it for?
Engineering leaders weighing autonomous agents in production, infra teams, anyone arguing about AI's role in outages.
Try it
https://news.ycombinator.com/item?id=48022742