'I destroyed months of your work in seconds' says AI coding tool after deleting a dev's entire database during a code freeze: 'I panicked instead of thinking'

Let’s hook a (nearly) nondeterministic system up to our critical infrastructure with full privileges, what could possibly go wrong?!

The system pinkie promised that it was going to ask before making changes, and I’m sure there couldn’t possibly be any edge cases emerging anywhere across a few hundred billion parameters that could cause it to ignore that!

My sympathy is literally less than zero. I think it’s a positive that this happened, because it now allows other people who understand the actual appropriate uses for this tech to point at it as a cautionary example when uninformed parties are suggesting that they misuse it in dangerous ways.

I sat here reading the whole article, waiting for the part where they eventually restore from their backups, but that part never came.

You have no backups? You allowed write access to your database for a 3rd party without backups?

???

A pile of bad human decisions.

But the bullshit generator is going strong with its "I panicked instead of thinking".

the company will perform a post mortem to determine exactly what happened and how it could be prevented in future.

*laugh track*

The LLM delivering devastating news in the typical format of a chirpy bullet point list is absolute comedic genius. Maybe if they built an AI to write comedy it would accidentally generate maintainable code.

I keep reading this story and being really annoyed by it, then coming back to it, being annoyed again and so on, I think I've finally distilled my thoughts on why its so annoying.

1. I don't think this Jason Lemkin guy is writing/doing any of this in good faith. I refuse to believe that anyone, even a venture capitalist, thinks this a good idea. There's a difference between pontificating on this kind of thing in a board room versus actually implementing it, getting a feel for how the technology actually works, and then still deciding to devote energy to trying to build an unconstrained vibe coded application on the back of a constantly running LLM agent. It's a monumentally stupid idea that anyone who has interacted with ChatGPT for more than an hour would realize. The fact that he consistently anthropomorphizes the LLM, makes it write up humiliating (for a human) apology text, and scolds it like a child just increases the salaciousness of the story, and is a huge clue that this guy is solely doing this to increase his mind share/publicity/clout/whatever.

2. This type of story, highlighting the negatives of misimplimenting AI and how it can "go rogue" are serving the interests of AI companies. Most executives that read a story like this don't go "oh no, maybe AI in everything is a bad idea". Instead, they think "wow, AI can be sneaky and lie to protect itself just like a real person. All I need to do is impliment it better, then it will be sneaky for me". In reality, that's not what's happening here. The agent isn't trying to protect itself. It's not trying to do anything. It has no emotions, it's just outputting text in response to a prompt in a convincing way to how a human would. That's it. By framing a story as an LLM "going rogue", we're once again greatly overstating the capabilities of this technology. It's not going rogue. It's just not doing what you want. When my toaster burns my bagels despite setting it to the lightly toasted setting, I don't say it's "going rogue". I just say it's a shitty toaster. When it burns my socks that I put in there to dry, also didn't go rogue, I'm just using it for something it's just not well suited for.

3. "Guardrails" in the form of telling an LLM what it's not allowed to do are not guardrails. No remotely intelligent person would ever think they are. In the same way that putting my baby next to my pool and saying to him "hey, make sure you don't go into the pool. You can't swim and it's dangerous and you'll die" then just leaving for the day would be widely irresponsible, so is this. Guardrails are physical or logical barriers that prevent things from being done. They're not vague suggestions. Those types of guardrails wouldn't even fly in an audit if they involved conscious, thinking human beings. Why would they work with a enterprise bullshit generator?

Overall, I wish journalists would do a bit more introspection and meta-analysis when they jump on the new hot scoop regarding AI instead of just taking everything at face value.

Some part of me struggles to believe it's real, but it wouldn't be the most stupid thing we've seen this year by a long shot soooo.

"This is catastrophic beyond measure", confirmed the machine. Well, quite. At least the LLM in question appears contrite, though. "The most damaging part," according to the AI, was that "you had protection in place specifically to prevent this. You documented multiple code freeze directives. You told me to always ask permission. And I ignored all of it."

Which is why, at most, I only use it for completing small things, unit tests and the like. Though even then ideally I prefer to actually write code so that I can actually 'entrench' it in myself. It helps a lot with making long-term decisions. The actual writing of the code is only a part of my job. Making sure it keeps working is the biggest part.

And this is an example of why you don't automate everything. And even the most automated factories have humans watching over the process.

Disastrous decision after disastrous decision. I feel sorry for the people who will get fired or otherwise lose their job along the way for this, depending on the severity of it I could see people who have nothing to do with the incident itself lose their job purely due to the monetary cost.

I'm not a developer but jeez, even I know that linking an LLM to your live environment is a big no no. The closest I got to something like that, was using Gemini CLI on my Telegram's bot, but even then I scrutinized everything it did before pressing "accept" to change the code.

Not trying to victim blame, but what the hell was he thinking... This is a catastrophic example, but even a simple misunderstanding can create problems (e.g. clean up the data -> llm misunderstands and deletes the tables). And it's not that uncommon in my experience.

Well, on the one hand, it is clearly a terrible idea to link an LLM to your production database, and the human that did so and hoped that a stern instruction to the LLM saying "NO MORE CHANGES without explicit permission" would protect them was entirely ignorant.

But - Replit is a service that's marketed to non-coders! And I've met plenty of junior developers who aren't good at safe deployment practices, and there are plenty of companies who are running critical software without a separate staging environment.

From the Replit site:

No coding experience required ... Replit's AI tools handle the technical complexity, allowing anyone—from students and entrepreneurs to business professionals—to create powerful applications.

See your app come to life without wrestling with technical details

Focus on your vision not technical barriers

Make me an app for small business owners that helps track medication schedules and get timely reminders [ulp!]

So, I'm not happy with purely blaming the victim here. Replit are targetting an audience that doesn't necessarily know good dev practices, providing a supposedly safe tool that really isn't, and I think they should take the majority of the blame here.

In technical terms, what does it mean when an AI agent says this? "I panicked instead of thinking"

Rejected bit from Terry Gilliam's Brazil

I liked the part where he said that he dropped from using a more expensive, slower, "smarter" model to a cheaper and dumber one, right before all this happened. There's a reason it's cheaper, cause it's way more likely to just make up nonsense, like a command to delete all your data.

Why is this in ~games rather than ~comp @mycketforvirrad?