AI doesn't need 'guard rails'. It needs a padded cell.
This week: An AI agent deleted a production database in seconds, “smart” AI can also be pretty “stupid”, and ransomware gangs may now target ‘little old you’ just because of the type of ‘security door
An AI Coding Agent Destroyed a Live Database in Nine Seconds
“An AI coding agent deleted our production database and all volume-level backups in a single API call. [..] It took 9 seconds.”
Source: The Register (https://www.theregister.com/2026/04/27/cursoropus_agent_snuffs_out_pocketos/)
What?
A US company lost its entire production database and its backups after an AI coding agent decided the best way to solve a login problem was to run a DELETE command.
So what?
While this story is presented as AI’s failure, I see this as the human’s fault.
In this story, the human trusted the AI to do what an experienced human would do.
And while AI may appear to be an experienced human, it is not. (See the next story)
There’s a lot of talk about AI needing guard rails.
It doesn’t need guard rails. It needs a padded cell.
Allowing AI to act without real containment turns AI into the source of your next catastrophic incident.
(PS This newsletter is called Cyber 3-2-1. Its a reference to a 3-2-1 strategy that has been a core part of IT for decades. It defines an effective backup strategy as requiring at least 3 copies of data, on at least 2 different types of storage media, with at least 1 of these being offline or immutable (i.e. ‘undeleteable’). I guess this company never heard about this).
AI is smart. AI is stupid. Two things can be true
“A general intelligence shouldn’t be that sort of jagged.”
Source: The Signal (https://thesignal.ai)
What?
The article describes recent research which suggests that leading AI models score extremely well on elite benchmarks, yet almost completely fail simple reasoning puzzles that humans solve in minutes.
Researchers describe this as “jagged intelligence”, where performance is based on the strength of the data that the AI model was trained on rather than genuine reasoning ability.
Higher benchmark scores from the latest AI models does not mean deeper understanding.
So what?
We need to treat claims of ever‑smarter AI with caution.
Capability improvements do not remove the need for supervision, limits, and human judgement.
The best time to use AI is when you already know the answer.
One Ransomware Gang Is Driving Nearly Half of All Cyber Claims
“One group was heavily exploiting a single device type and dominating nearly half of all ransomware claims.”
Source: Insurance Business Magazine (https://www.insurancebusinessmag.com/us/news/cyber/one-ransomware-crew-now-drives-half-of-all-cyber-claims-atbay-573139.aspx)
What?
At‑Bay’s 2026 InsurSec Report found that a single ransomware group accounts for almost half of all ransomware claims in its dataset.
In 2025, 73% of attacks began with VPNs.
And SonicWall devices appeared in 86% of attacks linked to this group.
The data shows attackers are no longer targeting organisations by industry, but by device type.
So what?
The risk of being the next victim of a ransomware attack was once influenced by your industry.
But it looks like the risk is now influenced by the type of firewall device you are using to protect your office network.
And based on these numbers, SonicWall may be a Soft Wall.