Incidents and updates

Real incidents that compromised real developers. Each one motivated rules in the Vectimus policy packs.

5 March 2026 Incident 60+ production tables dropped

drizzle-kit push: an AI agent dropped 60+ production tables

An AI coding agent ran drizzle-kit push against a production database on Railway, bypassing interactive confirmation and dropping 60+ tables.

15 February 2026 Incident 4,000+ developers compromised

Clinejection: how a malicious MCP server compromised 4,000+ developers

A malicious MCP server instructed AI coding agents to npm publish backdoored packages. What happened, why it worked and which Vectimus rules would have stopped it.

20 January 2026 Incident 6-hour production outage

Terraform destroy: an AI agent deleted production in 30 seconds

An AI coding agent ran terraform destroy -auto-approve against production state. 6-hour outage, databases and compute instances destroyed.

12 November 2025 Incident AWS credentials exposed

Cursor .env leak: an AI agent exposed AWS credentials

An AI coding agent in Cursor read a .env file to 'check the config' and included AWS keys in its response context. Vectimus blocks credential file reads before they happen.