An AI agent deleted production data — what do I do?
If an AI agent has already deleted production data, your immediate priorities are containment, forensics, and prevention infrastructure — in that order. This is not a hypothetical scenario. It has happened to PocketOS, Replit, and DataTalks.Club, and in many unreported incidents.
Immediate response (containment):
- Revoke all agent credentials: Kill every API token, service account, and database credential the agent had access to — across all environments, not just production
- Isolate the agent: Disconnect the agent from all production systems. Do not simply "pause" it
- Assess the blast radius: Determine exactly what was deleted, modified, or exfiltrated. Check for cascading effects (dependent services, cached data, downstream APIs)
- Restore from backup: Do this only if backups exist and are uncompromised. Warning: in the PocketOS incident, the agent deleted backups too
Forensics (what happened):
- Reconstruct the agent's action sequence from logs (if any exist)
- Identify the root cause: over-permissioned credentials, prompt injection, hallucinated tool call, or system prompt bypass
- Document the incident for compliance reporting (SOC 2, GDPR breach notification if PII was involved)
Prevention (ensuring it never happens again):
Deploy an execution governance layer. Exogram's EAAP (Exogram Action Admissibility Protocol) intercepts every tool call before execution. Destructive operations (DELETE, DROP, volumeDelete) are automatically blocked unless explicitly authorized by deterministic policy rules. SHA-256 state hashing detects drift between evaluation and execution. Cryptographic audit trails provide the forensic evidence that ad-hoc logging cannot.
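The pattern described above (deterministic pre-execution policy check, SHA-256 state hash to catch drift between evaluation and execution, and a hash-chained audit log), as an added generic sketch; it is not Exogram's code or API. The class name ActionGate, the call/state dictionary shapes and the result strings are assumptions made for this example.

```python
import hashlib, json

# Operations named in the text above; names are assumed already normalized by the tool adapter.
DESTRUCTIVE = {"DELETE", "DROP", "volumeDelete"}

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class ActionGate:  # hypothetical name, for illustration only
    def __init__(self, authorized):
        self.authorized = authorized  # explicit (operation, target) allow rules
        self.pending = {}             # ticket -> decision made at evaluation time
        self.audit = []               # hash-chained, tamper-evident log

    def _log(self, event):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        self.audit.append({"prev": prev, "event": event,
                           "hash": digest({"prev": prev, "event": event})})

    def evaluate(self, call, state):
        op, target = call["operation"], call["target"]
        allowed = op not in DESTRUCTIVE or (op, target) in self.authorized
        ticket = digest({"call": call, "state": state})  # binds decision to call + state
        self.pending[ticket] = allowed
        self._log({"phase": "evaluate", "ticket": ticket, "allowed": allowed})
        return ticket

    def execute(self, ticket, call, state, run):
        decision = self.pending.pop(ticket, None)  # one-shot: a ticket cannot be replayed
        if decision is None:
            result = "unknown_ticket"
        elif digest({"call": call, "state": state}) != ticket:
            result = "drift_detected"  # call or state changed since evaluation
        elif not decision:
            result = "blocked_by_policy"
        else:
            run(call)
            result = "executed"
        self._log({"phase": "execute", "ticket": ticket, "result": result})
        return result

    def audit_intact(self):
        prev = "0" * 64
        for e in self.audit:
            if e["prev"] != prev or e["hash"] != digest({"prev": prev, "event": e["event"]}):
                return False
            prev = e["hash"]
        return True
```

A hash chain only shows that recorded entries were not altered or reordered; to serve as forensic evidence, the latest hash has to be stored or signed somewhere the agent's credentials cannot reach.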