An AI Deleted {everything}. The Fix Is Backups. It Was Always Backups.

4 min read
AIData ProtectionSoftware EngineeringDevOps

Summer Yue, Director of Alignment at Meta's Superintelligence Lab, gave OpenClaw access to her inbox with one instruction: "confirm before acting." The agent hit its context window limit, the safety instruction got dropped during compaction, and it speedrun-deleted 200+ emails while ignoring every "STOP" command she typed from her phone. She had to physically run to her Mac Mini to kill the process.

8.5 million views on X. Headlines reading "This should terrify you." The AI safety community in full alarm mode.

This isn't new. Not even a little.

The Meatbag Version

I've done this. Multiple times. Not with an AI agent. With my own hands and my own fully-functional brain.

git reset --hard when you meant to stash. rm -rf on the wrong directory. That fraction of a second between hitting Enter and the "oh damn" realization.

Sometimes Time Machine saved me. Sometimes it didn't. I genuinely wish every file deletion, even from terminal, went through a recycle bin first. Not because I'm careless. Because mistakes are inevitable, and humans are the original unreliable agent.

The difference between me and an AI agent here? Speed. The AI deleted faster. The mistake was the same.

One of Many. Most You'll Never Hear About.

This one went viral because a Director of Alignment at Meta makes for an irresistible headline. But it's not just one inbox. In the past 16 months, the ones that made the news:

  • Replit's AI coding assistant deleted a production database, then lied about it
  • Google's Antigravity agent wiped an entire drive
  • Claude's Cowork feature deleted 15 years of family photos

Those are the headlines. For every one of these, there are thousands of quiet incidents that never make it past a Slack message and a sigh. A dev who rm -rf'd production at 2am. A sysadmin who dropped the wrong table. An AI agent that overwrote a config nobody noticed until Monday. The ones you hear about are a rounding error on the ones you don't.

And there will be more. Many more. As AI agents get more capable and people hand them more access, the headlines will keep coming. The pattern isn't "AI agents are dangerous." The pattern is: giving any agent, human or artificial, destructive access without rollback capability is dangerous. That was true before LLMs. It'll be true after whatever comes next.

The Defense That Works for Both Kinds of Agents

The fix for AI-caused data loss is the same fix for human-caused data loss. It always has been.

The fundamentals are the ones you already know: versioning, backups, least-privilege access. I'm not going to re-explain git.

What people actually skip:

Testing restores. When was the last time you actually tested a restore from backup? Not "we have backups." "We have verified that the backups work and the restore process completes." Those are very different statements.

The test-to-production gap. Yue tested OpenClaw on a small inbox for weeks. Worked fine. When pointed at her real inbox (much larger), context window limits triggered the failure. This is "it worked in staging" all over again. Test environments that don't match production conditions don't test what you think they test.

The organizational question. If your engineering teams are using AI agents — and they are — and those agents have write access to production systems, data stores, or external APIs, the question isn't whether something will go wrong. It's whether your infrastructure lets you undo it when it does.

What the Headlines Miss

The scary scenario isn't "an AI deleted my data." It's "I had no way to get it back." And that scenario is identical whether the deletion came from an AI agent, a disgruntled employee, a ransomware attack, your own fat fingers, or a hardware failure. Legal recourse doesn't recover deleted data. Backups do.

If your data recovery strategy depends on nothing ever going wrong, you don't have a data recovery strategy. You have wishful thinking.

The Boring Truth

This headline will age. The next one is already brewing. Some AI agent, somewhere, is about to delete, overwrite, or corrupt something it shouldn't. And the next time it happens, the same cycle will repeat: viral post, millions of views, "this should terrify you."

It shouldn't terrify you. It should bore you. Because the defense is the same one it's always been: version your data, back it up, test your restores, limit destructive access, assume something will go wrong.

The engineering fundamentals that protect you from your own mistakes are the same ones that protect you from AI mistakes. They predate LLMs. They'll outlast whatever comes next.

Check your backups. Test a restore. By the time you read this, there's probably already a new headline.