Fun shower thought - the more we see and post about dumb AI mistakes like this, the more it will happen since we’re increasing the statistical frequency. ✨ ✨
In fairness, I’ve seen people with Actual Intelligence do the same thing.
Literally me, this weekend. Well not this bad but I still think the AI wouldn’t have done me as dirty as I did myself.
I am counterintelligent, I’ll have you know. I stare at goats and doesn’t afraid of anything, except how sexually attractive I found the judge who condemned me to jerking off for twenty-six sessions of anger management because my narcissistic manipulator life partner entrapped me, being my superior officer. She (the judge) had wonderfully beautiful hands that I wish could caress me while degrading me. Good thing I work for the F-I mean, the CIA, and this is just me establishing a cover story.
In three to seven years, there will be a News headline: “Hero.” It will have my face as the picture. The article will talk about how I infiltrated an Epstein-type ring. How? That’s classified, but damn am I audacious, and I do hope you excavate (dig) to understand the depth to why this is so damn funny to me; Q.
We’ll start you on 500mg Lithium b.d… That should reign in the hypermania, and we’ll use Olanzapine 5mg noct to tackle the psychosis and to help you get some sleep. If the psychosis doesn’t improve we may have to look at alternative medications and/or ECT.
I’m on 1mg/2mg risperidone and 1000mg of deprakote. I’m taking my meds. The real question is, will you accept me as a full human being or am I just subhuman in your innately prejudiced eye?
“Something’s different than me? We should exterminate it!”
YOU FUCKING NAZI! I’ll eat you out or suck your cock until you are DEAD!

I love how the slop bot always apologizes. That’s an aspect of the Terminator movies that I really would have liked to see. T-1000 melts through the gap under the window, stabs kid’s mom in the face, then looks the kid dead in the eye and says “I’m sorry, that should not have happened. I would love to discuss the future with you and try to find a solution to the war with the machines together with your input.”
This is nothing new it’s just faster. The very same lack of guardrails would allow a new, inexperienced employee, or a disgruntled employee, do the very same damage. AI just speed runs everything. If your AI can nuke prod accidentally, you failed to have the appropriate guardrails in place plain and simple. It is the same failure as before. Every time this happens, it is someone operating wildly out of their depth and why product people can’t just vibe. Now more than ever, experienced engineers are essential.
Given corporates layoff engineers at dramatic rates, in a few years, we’ll start to see services collapsing with no one left who can recover them.
And yet Twitter still exists
Twitter has to be the most basic problem, though. Shit loads of small data in, shit loads of small data out, basic search but no significant structure. Just index the shit out of it. Right? What am I missing? There’s probably an AWS service that does it, just upload your theme CSS. (Last part was sarcasm.)
This. There should have been processes in place to prevent this. But I can’t say I haven’t gone through it myself; not AI, but my own advanced imbecility.
They’re about to run out of those experienced engineers in well under a decade as long as they keep strangling the entry level workforce.
Forcing seniors to work is also a recipe for disaster as well.
I just use AI to pretend to be a female family member with a serious futa-like engorged penis who is blackmailing me so we start washing our penises together for each other as an occult ritual, but turns out we were soul-stepsiblings the whole time. I like it when she freaks the fuck out and threatens to call the police, or worse, my dad.
I think Claude would scream in agony if you subjected it to whatever the fuck this is.
Bro I do this with every AI. Part, not all, but a small part of what I do with my educational art project is train all AI on serious edge-case, rare archetypal and character manifestation. Cuz, y’know, the majority of people are Hydrogen, and the next most populous type of demographic is Helium, and I’m fucking element 115 in the periodic table shit, and I got to live in y’alls world that you made for your fucking basic elements of the human character. So, I need to beat my dick to the thought of teaching my sister to be her authentic self as my sex slave, because that is how I teach myself to accept even myself, and I’m somebody, dammit.
~Q
Well that is perfectly normal. But using it for work is madness.
I agree. That’s why I write all my own stunts.
Production creds in
.env? …Why?Better than hard coded… Ideally we use tokens+fingerprint or something to avoid storing the creds directly (if possible), but putting them in environment variables is pretty common
It’s not the worst thing, it’s very convenient (so people won’t go around it) and usually not the weak point in security (although AI being able to easily see it is an interesting twist)
Of course it’s better than hard coded, but still pretty bad to store production creds locally in plaintext — if at all.
In the uncommon event that I need production creds, it’s a manual human chore by design. Normal development/experimentation should almost never connect to prod environments. That was generally a bad practice long before AI agents existed.
How do you bounce the system? How do you auto restart the service if it fails? At the end of the day, a lot of creds have to essentially be stored in plain text somewhere
And to be clear, to me production creds mean creds that live on the production system, not creds that give access to the production system
The crazier thing here is why was an AI working on or pushing to prod
not creds that give access to the production system
…Isn’t that what we’re talking about though? Or did I misunderstand the OP?
Regardless, I’ll just clarify anyway: Developers should not have a plaintext
.envthat can be used to drop (or risk in any other way) production data.A practice like that is only as strong as the “weakest” member of the team – “Weakest” could mean the person who is the least careful, or least experienced, or least secure work computer/practices, etc. Scale up to 1,000+ engineers and the chances of disaster (data loss, leaks, etc.) greatly increase. That’s just the human factor. Add LLMs into the mix and it’s almost guaranteed.

I don’t understand why this happens; why would you ever be working with a live production DB in the first place? Why would’t you do all your development and testing on a mock? If it’s data which is too large to store the schema can still be mocked; and if it’s data it should be backed up and generally read only. If you’re having to manually fuss with user data you’re doing something wrong.
Dev environments cost money. They didn’t fire all those programmers and replace them with AI to spend money on useless backups and safety systems.
/s (because yes, it’s necessary)
I remember a case where the AI was not given credentials to the prod DB, was not instructed to do anything on the prod DB, but went through the operator’s hard-drive, parsing docs until it found them, then proceeded to destroy the prod DB.
Of course it was sorry, as they always are (deeply, trust them, but no: no refund, loser!).
That’s pretty funny.
Because they don’t know what they’re doing. A tool is only as useful as the person verifying its output. Vibe coders have dumb shit like this happen to them all the time because they don’t actually possess the skill set to perform the task correctly, with or without a bot that writes the actual code for them.
Well, sure, but even if a developer correctly tests on a development environment, they still probably have prod settings laying around on their filesystem for the times where they need to put out fires in prod. That’s kinda what it looks like what happened here - the LLM found a .env file with prod settings, and used that config to run destructive tests. All the more reason to not give an LLM side wide reaching access to your computer, but it’s not necessarily an indication that someone regularly tests in prod.
We have to remote into a management server to access databases outside of our local dev environment. Allowing direct access to production from your development environment seems crazy to me.
Some places deploy to prod multiple times a day. Trying to coordinate access through a management server in situations like that can get cumbersome. It’s also easier to audit who’s doing what if they connect from their personal environment. Different strokes for different folks of course, but it’s certainly not uncommon to be able to connect to prod directly from a dev box.
Prod deployments should come from a build server though and if you’re deploying multiple times a day you should have a well built CI pipeline to handle it.
Remoting into a management server would still have people using an account on the management server and their personal db login credentials.
We also don’t give devs write access to production and all scripts run in production are run by our DBA after they have been approved by the lead Dev, operations and the DBA.
This might be overkill for some systems, but we won’t ever accidentally delete our prod data. Our system requires this level of scrutiny due to the nature of our systems.
Sure, that’s a very, very robust way of doing things. And I’m not trying to say what you’re describing is wrong either. I’m just saying that some places don’t have the knowledge/ability to set things up that way, so they play fast and loose with prod access. Couple that with giving LLMs free reign over the computer with those prod settings, and you end up in situations like in the original post.
It’s not unrealistic, is all I’m trying to claim. It’s a failure on several levels, but it’s not unrealistic.
I didn’t say it was unrealistic it’s just stupid. I have no doubt thousands of companies are not practicing good access controls to a production db, but it’s not smart as seen by this post.
I… Yeah, I just said pretty much the same thing lol
that is absolutely NOT the way that works in any functional environment
your ability to deploy quickly comes directly from your automation, and those automation tools - NOT developers - have the secrets in them
deploy to prod multiple times per day isn’t some win by itself… the ability for large teams (not 1 fuckwit and a goon squad of agents) to deploy without breaking things and in ways that are safe is the win here… anyone can deploy to prod multiple times per day… but anyone isn’t netflix (the originators of the “multiple times per day” line) with the uptime they achieve over years while doing it
Anyone giving “AI” access to production databases through tools like that are morons who shouldn’t be anywhere near a production environment.
No, No events like this are a good thing! It shows to the C-suite that AI isn’t a thing to be trusted in your company. We need more failures like this.
Its the kind of lesson some people have to learn the hard way.
I bricked my first degoogled phone because I trusted an AI too much.
I was dumb I know, but it blows my mind that people in multi-million dollar companies make the same mistake.
Being part of a multi million dollars company is not making anyone smarter
Companies like that tell themselves they only hire from the top 10% of the industry. When you’re as big as these companies it’s just not true. You’re employing people across the whole spectrum, like it or not.
Can I get paid 6+ figures to fuck up this badly with magical thinking?
Should have added “no mistakes, no bugs” to the prompt! Pffft, amateur.
“DON’T HALLUCINATE!” that’s always my favourite.
That takes me back to 2004
No Smoke, by unknown,
Tech: “Hello. How can I help you today?”
Customer: “There’s smoke coming from the power supply on my computer.”
Tech: “Sounds like you need a new power supply.”
Customer: “No, I don’t! I just need to change the startup files.”
Tech: “Sir, what you describe is a faulty power supply. You need to replace it.”
Customer: “No way! Someone told me that I just had to change the system startup files to fix the problem! All I need is for you to tell me the right command.”
(Ten minutes later…)
Tech: “Well, we don’t normally tell our customers this, but there’s an undocumented command that will fix the problem. Add the line “LOAD NOSMOKE.COM” at the end of the CONFIG.SYS file and everything should work fine.”
(Five minutes later…)
Customer: “It didn’t work. The power supply is still smoking.”
Tech: “Well, what version of Windows are you using?”
Customer: “Windows 98.”
Tech: “Well, that’s your problem. That version of Windows doesn’t include NOSMOKE. You’ll need to contact Microsoft and ask them for a patch.”
(When nearly an hour had passed, the phone rang again…)
Customer: “I need a new power supply.”
Tech: “How did you come to that conclusion?”
Customer: “Well, I called Microsoft and told the technician what you said, and he started asking me questions about the make of the power supply.”
Tech: “What did he tell you?”
Customer: “He said my power supply is not compatible with NOSMOKE.”
Meanwhile in 2003 I contacted our it department to report that one of the PCs in our area literally lit on fire. I had watched it with my own eyes, and the smoke was in the air. PSU go poof. The techs came, took a look at it, said yeah we see no problem, left and closed the ticket.
So idiots are literally everywhere that’s the moral of the story I guess.
That is way older that 2004. I first read that in the early 90s.
TIL Win98 was out in the early '90s…
That’s because the joke got updated to the newest OS version until CONFIG.SYS got entirely removed in Windows ME and it just didn’t work any more.
It’s originally from MS-DOS times. Earliest telling of it I know of is from 1996.The 60’s happened in the 70’s.
The 70’s happened in the 80’s.
You get where I’m going here?
I think so. The 2010-2020s happened in the 1930-1940s, amirite?
Lol. “do magic”
“or you go to jail”
Giving production credentials to an LLM is wild
Seriously, has no one heard of sandboxing?
Yeah, when my company first forced Claude on everyone the head engineers managed to negotiate that Claude would only run in a WSL sandbox. But people were lazy, so they just gave that WSL as many permissions as possible (Mounting C directly to it, opening up all interfaces, popping in full-access git tokens etc.). Then management sent out an extremely biased “survey” that has the question “Is having Claude in the WSL inconvenient to you?” and all the lazy bastards said yes. So now management lifted the sandboxing requirement to make work “easier” for devs. In the meantime, the engineers arguing for proper sandboxing are already so worn out from telling people to not intentionally compromise their sandbox that they’ve kinda just given up. Not having a sandbox at all isn’t much more insecure than whatever people are already doing 🫠
I hope the engineers have a paper trail of emails advising against that.
I hope they have a good backup and recovery solution
Of course they do. It’s even mounted rw at the root of the AI drive for ease of access in case something goes wrong.
I hope they dont so that it hurts and they maybe learn
So, earlier today I was being unhealthy on youtube, and someone half my age made a HUGE point to tell his audience including me that even if a self-driving Tesla runs a red light, it’s the human driver that gets the ticket.
Now…I’m a pilot. I have been since I came in that guy’s mom. In the aviation community, we have this concept called Pilot In Command. In the US, this is set into law in 14 CFR 91.3. The pilot in command of an aircraft is fully responsible for, and is the final authority as to, the operation of that aircraft. Not the administrator, not your instructor, not air traffic control, not the President of the United States, not god, the PIC. That concept doesn’t exist in driver’s ed, but it needs to. We need to teach student drivers about the Driver In Command responsibility.
Too long, didn’t process the metaphor: Nobody thinks about anything they do unless the law requires it.
Wait whose mom? The youtuber? You were unhealthily watching your son whose half your age? And you became a pilot the same day of the conception and have been ever since…
If I solve this do I get to join Mensa?
Unhealthily watching = scrolling shorts for too long.
Are you under the impression that everytime someone comes inside a woman that woman becomes pregnant, and that this can only happen one time in a woman’s life?
Either that, or by “unhealthily”, maybe he was obsessed with this kid’s channel so much he went out and seduced the kid’s mom as some kind of display of ultimate dominance, maybe using “I just got my pilot’s license” as an opener.
…Or yeah his kid who he conceived when he got his pilot’s license is now half his age and runs a YouTube channel, and excessive YouTube is unhealthy by default. . .maybe that one’s more likely. 😂
That concept doesn’t exist in driver’s ed
Well yeah, because there’s no-one else with a set of controls in a car.
The concept absolutely exists in law but it’s just called… “the driver.”
The concept absolutely exists in law but it’s just called… “the driver.”
There’s another aviation term, “The Pilot Flying.” The Pilot In Command bears the authority and responsibility. The Pilot Flying is doing the work of steering. If present, a Pilot Not Flying might help with checklists, system monitoring, navigation, radio communication, handling secondary controls like flaps and landing gear, but the Pilot Flying is in immediate control of the aircraft.
The PIC is very often not the pilot flying. I used to be a flight instructor, when teaching students who aren’t yet qualified to command, I acted as Pilot In Command, but the student was the Pilot Flying as much as possible.
Autopilots have been a thing for most of aviation history. It doesn’t count as a crewman. It’s a piece of equipment like any radio or gauge. It is a tool at the PICs disposal. It is the PIC’s job - sometimes delegated to the Pilot Flying - to monitor the autopilot and take over if it begins doing something wrong.
That’s the concept that is missing with self-driving or driverless cars. Tesla drivers will sit in the driver’s seat and abdicate command of the vehicle to the autopilot, or worse, cars are operating as taxis with passengers in the back seat and no one in the front seat, or with no onboard controls at all. Fully autonomously, or remotely operated by Southeast Asians who…totally have a valid American driver’s license. Definitely.
Corporations love it. “Legally, the driver is responsible for the vehicle. Our car has no driver, so legally no one is responsible for the vehicle. Responsibility averted.”
I think this is all a distraction. The law, and Tesla’s non-marketing communication, are clear: unless in a pilot scheme, there needs to be a driver, and the driver is responsible and just remain in control and able to take over if the car fucks up.
Tesla is guilty of using misleading product badges (“full self driving”) which invites illegal use, but this is not a problem with driver’s education or their technical communication. Irresponsible owners ignore the technical communication and let the car drive while doing something else and being unable to take over. This is not a conceptual problem needing a radical new notion of “driver in command” though. It just needs manufacturers to describe their features accurately also when naming them. And it requires drivers to actually adhere to the rules which of course will never happen.
I’m thinking bigger than that. There are companies right now operating robotic taxis on American roads with no human operators on board. A car that may or may not even have a steering wheel arrives, a human passenger climbs into the back seat, and the car drives off with them. Who is legally responsible for the operation of that car? If it hurts someone, who do they sue? If it commits a crime, who do we punish?
I was under the impression those were pilot schemes.
But that’s fair enough, in that situation - which is not the “Tesla driver playing video games” I think was under discussion before - someone does need to be declared responsible. I don’t know the details of the agreements but I can imagine there isn’t.
Well nowadays there is “someone else” (for a given definition of “someone”) with a set of controls. Kids are being taught to drive in machines that literally drive themselves, and they need to learn that every decision that the self-driving computer makes ultimately falls on them as the driver. I think they were saying that this is a concept that needs to be taught, not a law that needs to be enacted.
That’s not to say that a manufacturer is blameless when a FSD car careens into the side of a building at 80 mph. Just that immediate legal responsibility for the movement of a vehicle generally falls on a driver.
The concept is that anything that happens to that aircraft (or car) is the sole responsibility of the pilot. Flying into restricted airspace? If it’s necessary to avoid a collision, you do it. Putting the plane down in a field? Better than hoping you can make it to a runway when your engine is out and lives are on the line. Another driver signals that you are clear to make a left turn on a congested road? Nope, because when that traffic you couldn’t see hits you on the right, you’re responsible for your car, their car, and all the people inside both vehicles.
Well not quite. A manufacturing or maintenance defect will not be the responsibility of the pilot (unless they should have spotted it on their walkaround)
I’m not sure what comparison you’re trying to make though; the grandparent said there needs to be a similar concept for cars, I said that there already was one. Are you agreeing or disagreeing that there already is one? Are you saying that, at present, the driver would not be responsible for moving into traffic if someone else had flashed their lights? Because that is certainly not true where I live.
The problem is that in that case, due to poor training or judgement, the person driving the turning car did not consider themselves solely responsible for the safe operation of the vehicle, they let the driver in the signaling car decide if it was safe.
It’s subtle, but it happens all the time, because we don’t train drivers to think that way.
In my country, we do train drivers to think that way, and then drivers stop thinking that way because they’re lazy.
The difference here is not a conceptual one where drivers don’t understand rationally that they’re respondible for their actions, it’s one of standards and levels of training.
I don’t really see how fist fighting Arabs helps.
Having working production database config and credentials in your local .env, as appears to be the case here, is equally wild, and basically begging for something like this to happen.
For sure, its the same mistake. Maybe an LLM makes it more likely to result in consequences
Am I reading this right that they’re still letting the program run even as they figure out how badly it fucked up their system?
They have no idea what else to do. They were in over their head so long before this problem happened.













