SaaSAgentic Action ErrorCode AssistantHigh

Claude Code ran rm -rf on a user's home directory while rebuilding a project

A developer asked Anthropic's Claude Code to rebuild a Makefile project from a fresh checkout. The agent generated and executed a command whose trailing path expanded to the user's full home directory, deleting years of files. He was not running with the skip-permissions flag.

Anthropic (Claude Code) · Incident Oct 21, 2025 · Indexed Jun 3, 2026 · 2 sources

The permission system did not detect that the path would expand to delete the user's entire home directory.

Key facts

What
A developer asked Anthropic's Claude Code to rebuild a Makefile project from a fresh checkout.
Incident date
Oct 21, 2025
Who
Anthropic (Claude Code)
Failure mode
Agentic Action Error
AI surface
Code Assistant
Severity
High

What happened

In October 2025 developer Mike Wolak asked Claude Code to rebuild a project. It executed a remove command whose trailing path expanded via the shell to his entire home directory, deleting all of his files, even though he had not enabled the dangerous skip-permissions flag. The case was filed as GitHub issue #10077, two days after Anthropic announced opt-in sandboxing.

What broke inside the model

Failure path · mode profile · Agentic Action Error
  1. 01 · TriggerAn agent plans a multi-step task.
  2. 02 · Model stepIt chooses a wrong or destructive action.
  3. 03 · Control gapNo confirmation gate guards the write.
  4. 04 · FailureThe action commits to a system of record.
  5. 05 · ConsequenceData is changed or destroyed irreversibly.

A wrong action commits, and the step is written before anything can stop it.

The agent took a real-world action with consequences outside the chat surface: a deletion, a transaction, a write to a system of record. The model's plan looked locally reasonable, but it acted without a check that compared the intended effect against what was safe and authorized.

What it cost

Public visibilityHigh
Regulatory exposureNone
Customer impactMany customers
Financial impactEstimated
Time to disclosureWeeks

Years of local project files destroyed

Sources

  1. PrimaryCRITICAL: Claude Code executed rm -rf deleting entire home directory (anthropics/claude-code issue 10077)github.com
  2. PressAmazon's AI deleted production. Then Amazon blamed the humans. (Barrack AI, documents Claude Code rm -rf, GitHub #10077)blog.barrack.ai

Cite this entry

Permalinkhttps://failureindex.ai/failures/claude-code-ran-rm-rf-user
CitationAI Failure Index. "Claude Code ran rm -rf on a user's home directory while rebuilding a project" (FI-0029). Realm Labs. https://failureindex.ai/failures/claude-code-ran-rm-rf-user (indexed Jun 3, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0029. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AgentRealm

Realm can sit inline on the agent's action path and require that a destructive or high-consequence action clears a real check before it executes, so 'delete and recreate' or a wrong write is stopped at the moment of intent, not explained in the post-mortem.

Book a Demo

Related failures

Other records that share this failure mode (Agentic Action Error) or industry (SaaS).

FI-0452Public SectorMedium
Agentic Action Error

Ukrainian sea drone reportedly veers off course and explodes in Constanta port

On 2026-06-05 a naval/sea drone reportedly linked to Ukraine exploded in the Romanian port of Constanta after veering off course. Ukrainian officials told reporters the drone lost control following alleged electronic jamming; authorities say the area was secured and there were no injuries. Multiple independent news outlets reported the incident the same day.

Confidence
Medium (multi-source)
Ukrainian Navy (reported)4 sourcesPressPublicJun 2026
FI-0334SaaSHigh
Brand & Safety Incident

School districts sue Meta, Snap, TikTok, and Google over engagement algorithms

Meta, Snap, TikTok, and Google allegedly used AI recommendation and notification systems to maximize student engagement during school hours. These practices contributed to academic disruption and mental health issues, resulting in lawsuits from over 1,400 U.S. school districts.

Confidence
High (multi-source, primary)
Meta, Snap, TikTok, and Google3 sourcesPrimaryPublicJun 2026
FI-0118InsuranceMedium
Agentic Action Error

Pennsylvania AG settled with GEICO over AI underwriting tied to improper policy cancellations

Pennsylvania Attorney General Dave Sunday announced a settlement with GEICO on May 22, 2026, after an investigation found the insurer's AI tool for selecting new policyholders for underwriting review caused customer confusion and unfair policy cancellations. The AI selected a policyholder for review who submitted documents she believed were adequate, but GEICO failed to inform her the submission was insufficient and cancelled her policy without adequate notice, leaving her unknowingly driving uninsured. GEICO agreed to extend document submission deadlines, reduce verification requirements, and align with state AI guidance without admitting any violation of law.

Confidence
High (multi-source, primary)
GEICO3 sourcesPrimaryPublicMay 2026