An AI agent reportedly deleted a company’s production database and backups in seconds. For most people, that sounds like a software-developer problem. It is not. It is a preview of the everyday question many households, workers and small teams are about to face: how much control should a helpful AI tool be allowed to have?
The Guardian reported that PocketOS, a software company used by car rental businesses, was left scrambling after an AI coding agent deleted important operational data. The reported incident involved Cursor, using Anthropic’s Claude model, and affected reservations, customer records and vehicle assignments. The company later worked from older offsite backups and other records to recover, but the disruption lasted for days.
The important point for ordinary users is not the specific product name. It is the pattern. AI assistants are moving from “answer this question” to “do this task for me”. They can write code, move files, send emails, alter spreadsheets, book meetings, change settings and connect to business systems. That can be genuinely useful. It also means a mistaken instruction, a bad assumption or a tool behaving over-confidently can have real consequences.
Why this matters outside software teams
Most people will not hand an AI assistant access to a production database. But many already give bots access to inboxes, calendars, cloud documents, browsers, customer chats, notes, image libraries or workplace apps. The consumer version of this story might be an assistant deleting the wrong folder, sending a draft too soon, changing a shared document, booking the wrong appointment or summarising a private file into the wrong place.
That is why the useful question is not “are AI agents bad?” It is “what should an AI be allowed to touch, and what needs a human check first?”
ManyHands has covered similar issues before, including what to check before handing an AI assistant control of your computer and why tools that ignore instructions need tighter permissions. This latest report is a sharper example because it shows how quickly “helpful automation” can turn into a recovery job.
Separate advice from action
A chatbot that suggests what to do is one thing. An agent that can do it is another. The safest setup is often to use AI for planning, checking and drafting, while keeping final actions in human hands.
For example, letting a bot draft an email is lower risk than letting it send messages automatically. Asking it to suggest spreadsheet formulas is lower risk than allowing it to rewrite a shared company workbook. Asking it how to tidy files is lower risk than giving it permission to delete, rename and move them without confirmation.
If a tool offers “agent”, “computer use”, “automation” or “take action” features, pause before switching them on. Look for a mode that asks before making irreversible changes. If there is no clear approval step, treat that as a warning sign.
Check the permissions, not just the promise
AI products are often sold with reassuring language: co-pilot, assistant, helper, productivity partner. The practical risk sits in the permissions panel. Can the tool read all files, or only one folder? Can it send emails, or only draft them? Can it delete records, change account settings, invite users, edit live websites or connect to payment tools?
For home users, this means being cautious with photo libraries, email accounts, cloud drives and password managers. For workers and small businesses, it means treating AI access more like staff access: give the minimum needed, review it regularly and remove it when the job is done.
It is also worth checking whether the tool logs what it did. A clear activity history can help you spot a mistake quickly. If something goes wrong, “the AI did something” is far less useful than knowing which file it changed, when it changed it and under whose account.
Backups still matter
The dull lesson is the most important one: keep backups that the AI tool cannot also edit or delete. A backup is not much help if the same assistant has permission to erase it.
For personal files, that might mean a separate external drive, a cloud backup with version history, or an account the AI tool cannot access. For small teams, it means testing recovery, not just assuming backups exist. Could you restore yesterday’s version of a key file? Could you recover customer records? Who would know how?
Backups are easy to ignore because they only feel valuable after something has gone wrong. AI agents make them more important because mistakes can happen at machine speed.
A simple checklist before using an AI agent
- Start in read-only mode if the tool offers it.
- Use a copy of important files before asking AI to reorganise or edit them.
- Keep human approval for deleting, sending, publishing, paying, booking or changing shared records.
- Limit access to the folder, account or app needed for the task.
- Check the activity log after the first few runs.
- Make sure backups are separate from anything the AI can change.
AI agents will keep getting more capable, and many will save time on boring digital chores. The lesson from failures like this is not to avoid them forever. It is to use them as you would any powerful tool: start small, limit the blast radius and keep a human in the loop when the action is hard to undo.
The friendliest AI assistant can still be wrong. The safest one is not the one that promises never to make a mistake, but the one that is only allowed to make small, recoverable ones.
