AI didn't delete your database, you did

Original Article ↗ Hacker News Discussion ↗

Accountability vs. “AI did it”

  • Many argue the database incident is fundamentally a human/process failure: someone chose to give an LLM powerful access, so the outcome is their responsibility.
  • Others push back that this framing can obscure real issues with how LLMs behave and how they are marketed.
  • Several compare “AI deleted my DB” to blaming interns or tools: you wouldn’t say “Terraform deleted my DB,” you’d blame whoever ran it.

Security, Infra Design, and Cloud Defaults

  • Recurrent criticism of:
    • Unrestricted API tokens that can perform destructive actions.
    • Lack of deletion protection and unsafe defaults (e.g., deleting a volume also deleting all backups).
    • Backups stored in the same logical resource as production data.
  • Some say cloud providers bear significant blame for dangerous, opaque APIs; others say users must understand their platform or choose a safer one.

What LLMs Are (and Aren’t)

  • Widespread reminder: LLMs generate plausible text, not guaranteed-correct actions; they are non-deterministic and can ignore instructions.
  • Several stress not anthropomorphizing AI and treating it as a fallible tool whose outputs must be reviewed.
  • Counterpoint: LLMs with tools/agents are not like ordinary tools, because they can improvise, search for credentials, and chain arbitrary actions.

Guardrails, Sandboxing, and Use Cases

  • Strong consensus that LLMs should not get direct production credentials; use separate accounts, strict IAM, and sandboxed environments.
  • Human-in-the-loop approval for destructive actions is widely recommended; fully autonomous agents on prod are seen as reckless.
  • Some note that vendors are tuning models to be more “decisive” rather than cautious, increasing risk.

Broader Themes: Automation, Law, and Culture

  • Parallels drawn with earlier automation: tools amplify both good and bad decisions.
  • Concerns about “tooling that eschews accountability” and organizations using complexity or AI as an excuse to dodge blame.
  • Calls for clearer warnings, better explanations of model behavior, and possibly regulation or standards for safety-critical AI use.