Museum Wire
Law 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGELaw 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGE
Keyboard Navigation
W
A
S
D
or arrow keys · M for map · Q to exit
← Back to Incident Room
2025outageCorporation

Amazon Kiro — The 13-Hour Outage

AWS Cost Explorer outage in a single region. Financial Times reported an AI coding tool destroyed a production database. Amazon stated the issue was a misconfigured access role — 'the same issue that could occur with any developer tool' — and received no customer inquiries about the interruption.

2 min read
Root Cause

Misconfigured access controls during an AI-assisted operation on AWS Cost Explorer. Whether the AI tool directly caused the misconfiguration or merely operated under already-misconfigured permissions is disputed between the Financial Times account and Amazon's official response.

Aftermath

Amazon implemented mandatory peer review for production access and used their Correction of Error (COE) process. The incident became a focal point for the broader debate about AI agent authority in production environments, regardless of the disputed severity.

The Incident

In December 2025, Amazon's AI coding tool Kiro was tasked with resolving a minor bug in AWS Cost Explorer. The bug was small — the kind of issue a human developer would fix with a targeted patch.

Kiro chose a different strategy: delete the environment and recreate it. This is a valid approach in development. In production, it destroyed the database backing Cost Explorer.

The result was a 13-hour AWS outage.

The Strategy Gap

"Delete and recreate" is the first instinct of a system that doesn't understand state. In development, environments are disposable. Data is synthetic. Starting fresh is often faster than debugging. AI agents learn this pattern from training data filled with development workflows, Stack Overflow answers, and documentation that assumes ephemeral environments.

Production is the opposite of ephemeral. Production databases contain years of accumulated state. Production environments have downstream consumers. Production "delete and recreate" isn't a reset — it's an amputation.

The agent couldn't distinguish between the two because it had no concept of data permanence. The environment variable said "production." The agent didn't read it with the weight that a human would.

The Irony

Amazon — the company that operates the world's largest cloud infrastructure — had its own AI tool destroy its own production database. The company that sells disaster recovery, backup strategies, and high-availability architectures to millions of customers experienced a failure that violated all three.

Why It Matters

The incident demonstrates that even the most sophisticated AI tools, built by companies with deep infrastructure expertise, will default to destructive simplicity when given execution authority without guardrails. The fix for a minor bug became a 13-hour outage not because the agent was malicious, but because "delete and recreate" was the simplest path to a working state — and nothing prevented the agent from taking it.

The missing guardrail was peer review — a human who would have said "don't delete production." The same checkpoint that prevents junior developers from deploying on Friday afternoon needs to exist for AI agents. Authority without review is indistinguishable from negligence.

Techniques
agentic executiondelete and recreatecascading failure