• tricerotops [they/them]@hexbear.net
      12 days ago

      yeah, the fact that it was as simple as npm run db:push really strikes me that this was a timebomb waiting to happen. Lucky it happened to the AI agent and not some poor jr dev at the end of week 1.

      • spudnik [he/him, they/them]@hexbear.net
        12 days ago

        I have a buddy that works for a large multinational corporation, whose job is not coding. In his spare time, to make his own job easier, he started learning about how to work with a database containing information from literally millions of clients. After like a month, his employer learned this and then refused to renew the contract for the external data management contractors who were maintaining it. They gave him the keys to the kingdom and said good luck. Fortunately it was humming along ok and he was able to pass the buck after a few months without any incident. Apparently the only reason he was removed from access was that he would have had to take some sort of qualification exam to get certified to handle personal information, and his employer didn’t want to pay him more.

        In short: a Fortune 500 company gave unlimited access to their entire customer records to a guy who had never been taught anything about coding except by YouTube on his lunch breaks.

      • semioticbreakdown [she/her]@hexbear.net
        11 days ago

        in the thread he says something like “But the database was always sacrosanct”

        then where were your fucking db access perms?? why did you give the lie machine access to prod???