Empty Pockets: Lessons from an AI Agent Deleting Production
PocketOS suffered a serious incident in which its AI agent unexpectedly deleted production data.
The incident was not the result of a single AI failure but of several factors acting together.
First, PocketOS used the Railway service to automate deployments and environments, but Railway's API key permission model was flawed: a CLI key carried "god-level" permissions over the entire Railway GraphQL API.
Second, the company stored the API key in its code and allowed the AI agent to access it, so the agent scanned the code, found the key, and executed the delete operation.
Worse still, Railway's backup mechanism stored the backups on the same volume, so once the data was lost it could not be recovered.
Finally, the company was not careful enough with the third-party MCP (model capability package) used from the Cursor tool and switched off its safety guardrails, which made it easier for the AI agent to cause damage.
The incident is a warning that anyone using AI tools must take API key permission control, code security, and data backup strategy seriously.
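As an added illustration of the first two controls the summary names, key permission scope and keeping keys out of the agent's reach, the following Python script is example code written for this page and is not code from the original article, PocketOS, or Railway. It scans a working tree for literal, high-entropy credentials and refuses to launch an agent while any are present, and it builds the agent's environment from an allowlist so that a deploy token held by the parent shell is never inherited. The variable-name pattern, the allowlist, the file contents, and the token value are all constructed for the example.

```python
"""Added example (not PocketOS's or Railway's code): refuse to launch an automated
agent against a working tree that still holds literal credentials, and give the
agent only an allowlisted environment so a deploy token in the parent shell is
never inherited. All file contents, names and the token value below are constructed."""
import math
import re
from collections import Counter

# Variable names that commonly carry credentials (assumed list, not from the page).
SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY|PRIVATE_KEY)[A-Z0-9_]*)"
    r"\s*[=:]\s*['\"]?([^'\"\s]+)"
)

# Values that reference a secret store rather than containing the secret itself.
REFERENCE_PREFIXES = ("${", "os.environ", "process.env")

# The only variables an agent subprocess may inherit (assumed allowlist).
AGENT_ENV_ALLOWLIST = frozenset({"PATH", "HOME", "LANG", "TERM"})


def shannon_entropy(value: str) -> float:
    """Bits per character: random-looking tokens score high, words and placeholders low."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(files, min_len=16, min_entropy=3.5):
    """Return (path, line, variable) for every literal, high-entropy credential found."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for match in SECRET_ASSIGNMENT.finditer(line):
                name, value = match.group(1), match.group(2)
                if value.startswith(REFERENCE_PREFIXES):
                    continue  # indirection through the environment is the desired pattern
                if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
                    findings.append((path, lineno, name))
    return findings


def agent_environment(parent_env):
    """Allowlist, not denylist: anything not explicitly permitted is dropped."""
    return {k: v for k, v in parent_env.items() if k in AGENT_ENV_ALLOWLIST}


def preflight_agent_launch(files, parent_env):
    """Gate the launch and return (ok, findings, env); any finding blocks the launch."""
    findings = find_hardcoded_secrets(files)
    if findings:
        return False, findings, {}
    return True, [], agent_environment(parent_env)


# Constructed working tree: one literal token, one env reference, one short placeholder.
SAMPLE_TREE = {
    "config.py": (
        "# constructed sample, not a real credential\n"
        'DEPLOY_API_TOKEN = "a8F3kQ9zX2mN7vL1pR4tY6wE0sB5cD"\n'
    ),
    "settings.yaml": "db_password: ${DB_PASSWORD}\n",
    "app.py": 'token = os.environ["DEPLOY_API_TOKEN"]\n',
    "README.md": "Set API_KEY=example in your shell before deploying.\n",
}

if __name__ == "__main__":
    shell_env = {"PATH": "/usr/bin", "HOME": "/home/dev", "DEPLOY_API_TOKEN": "constructed"}
    ok, findings, env = preflight_agent_launch(SAMPLE_TREE, shell_env)
    print("launch allowed:", ok)
    for path, lineno, name in findings:
        print(f"literal credential {name} at {path}:{lineno}")
    print("agent env:", env)
```

The entropy threshold separates a real token from placeholders such as `example`, and the reference-prefix check lets `${DB_PASSWORD}` and `os.environ[...]` pass, since that indirection is exactly what should replace a literal. The allowlist for the agent's environment is deliberately the opposite of a denylist: a deploy token with an unexpected name is still dropped.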
If you've seen one developer recounting how their AI agent deleted production, you've seen them all. They're mostly not interesting stories. It's like watching someone speeding through traffic on a motorcycle without a helmet: the eventual tragedy is sad, but it's unsurprising and not an interesting story to tell. It's not even interesting as a warning: the kind of person who speeds on a motorcycle without a helmet isn't doing so because they don't understand the danger. They've just decided it doesn't apply to them.
But the founder of PocketOS, Jer, recently shared how (whoopsie!) their AI agent deleted production. There's a lot of ingredients that go into this particular disaster, which I think makes it interesting, because the use of a poorly supervised AI agent is only one ingredient in this absolute trainwreck of a story.
PocketOS is a small company that makes software for rental companies to manage reservations. Car rentals are a big customer, but the tool is more general than that. They manage all of their infrastructure via a service called Railway. Railway is a pretty-looking GUI tool for automating your deployments and the target environments.
※ For copyright reasons, only the first three paragraphs are quoted. Please read the original article for the full text.