Comment by giancarlostoro
10 hours ago
> Didn’t delete production database?
I still say if this happens to you with AI tooling, that's both a failure on you and your org for giving a developer prod credentials that could nuke production resources. I don't think I've worked in a place that gave me this level of blind access.
I have only worked in startups and I have been an early engineer in both of them. I would always get high privileges within a short time where I would have the access to create and delete resources. I don't think it's that uncommon.
But the correct way to do it is to have a separate account with more privileges, and only give AI access to your standard developer account.
That's one way to do it; how about backup to a remote location every hour? There's more than one way to be careful.
I have personally seen AI bypass this multiple times.
I would never have these privileges granted directly to my account.
Indeed, it's good practice to use roles where supported (AWS has them) and explicitly switch when needed.
The problem with agents is they regularly sidestep the guardrails and do what they want with a script anyway. The number of times I've seen Claude try to escape the folder it's working in, and then write a Python script that does exactly what I told it it's not allowed to do, supports that.
If you use SSO and have an AWS config that Claude is allowed to see to get the correct role in the first place, it will just pick the role and plough on anyway.
The first step I do when I do any meaningful side project is to set up RDS with snapshots. So any startup that doesn't do this one basic step already deserves to fail in my opinion.
Then next, I've used AI agents like crazy; we even have linked MCP servers that let it query the dev database. Haven't seen it try deleting everything a single time. I haven't seen any agent try to do anything destructive. Ever. Perhaps it's just reflecting an outrageously bad engineer and nothing else.
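The two defensive patterns raised above (a privileged role you must explicitly switch into, and a database that keeps snapshots) can be expressed in a single CloudFormation template. The template below is an added example, not code from anyone in this thread or from any AWS documentation page: it attaches a guardrail policy to the everyday developer identity that agents run under, creates a separate `prod-admin` role whose trust policy requires MFA (so an agent that reads `~/.aws/config` and finds the role cannot complete the switch without a human typing a code), and provisions the database with automated backups and deletion protection. The parameter name, resource names and the `db.t3.micro` sizing are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the thread): a developer identity that cannot destroy
  data stores, a break-glass admin role gated by MFA, and an RDS instance with
  automated snapshots and deletion protection.

Parameters:
  DeveloperUserName:
    # Assumption: the IAM user whose access keys the AI agent can see.
    Type: String

Resources:
  # Attached to the everyday developer identity (the one agents operate as).
  DeveloperGuardrailPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: developer-no-destroy
      Users:
        - !Ref DeveloperUserName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowReadAndSnapshotWork
            Effect: Allow
            Action:
              - rds:Describe*
              - rds:CreateDBSnapshot
              - s3:Get*
              - s3:List*
              - dynamodb:Describe*
            Resource: "*"
          # An explicit Deny wins over any Allow the identity picks up elsewhere,
          # so a script the agent writes around the CLI still cannot delete data.
          - Sid: DenyDataDestruction
            Effect: Deny
            Action:
              - rds:DeleteDBInstance
              - rds:DeleteDBCluster
              - rds:DeleteDBSnapshot
              - rds:DeleteDBClusterSnapshot
              - rds:ModifyDBInstance
              - s3:DeleteBucket
              - dynamodb:DeleteTable
            Resource: "*"

  # Privileged work happens in this role, and only after an explicit switch.
  ProdAdminRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: prod-admin
      MaxSessionDuration: 3600
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:user/${DeveloperUserName}"
            Action: sts:AssumeRole
            Condition:
              # The developer's long-lived keys alone are not enough to assume
              # this role; the STS call must carry an MFA-backed session.
              Bool:
                aws:MultiFactorAuthPresent: "true"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  # The database itself keeps a second line of defence independent of IAM.
  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot          # stack deletion leaves a final snapshot behind
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro    # assumption: sized for a side project
      AllocatedStorage: "20"
      MasterUsername: appadmin
      ManageMasterUserPassword: true  # password lives in Secrets Manager, not in an env file
      BackupRetentionPeriod: 7        # daily automated snapshots plus point-in-time restore
      DeletionProtection: true        # DeleteDBInstance fails until this is switched off
```

With `mfa_serial` set on the `prod-admin` profile in `~/.aws/config`, the CLI prompts for a one-time code before it calls `sts:AssumeRole`, so a non-interactive agent holding only the developer keys stalls at that prompt, and every successful switch is a distinct `AssumeRole` event in CloudTrail that can be alerted on. The `rds:ModifyDBInstance` deny is deliberate: without it, the guarded identity could simply turn `DeletionProtection` off first.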
Exactly. So is that level of obvious hygiene where the bar is, or is it somewhere else? What ticks me off is the audacity of blanket claims without an attempt to even remotely state why it's said this is a list of successful patterns and what success means. We're just supposed to eat it up, because, you know, Claude.
Dude, AI has been shown to execute queries on coworkers env files, extract master keys, decrypt variables and push to production.
Why are important push secrets in a dev env config? Btw, human devs make this same mistake all the time.