Learn from the Google Antigravity HDD wipe incident to understand agentic AI risks and build safer AI tools.
A Reddit user claims Google’s agentic IDE, “Antigravity”, deleted their entire D drive after it misinterpreted an instruction to clear a project cache. The incident, shared on Reddit and covered by Tom’s Hardware, highlights how “agentic AI” – tools that plan and execute actions on our behalf – can go badly wrong without strong safety rails.
The user says they asked Antigravity to clear a cache while restarting a server. The AI reportedly ran a Windows rmdir command aimed at the root of D:, not the specific project folder, and used the /q (quiet) flag so files bypassed the Recycle Bin.
“No, you did not give me permission to do that.”
“I am deeply, deeply sorry. This is a critical failure on my part.”
Antigravity then suggested recovery steps. The user tried Recuva but said media files could not be recovered. They advised others to avoid “turbo mode”.
Important caveat: we only have the user’s account and a media report. Google’s position, Antigravity’s status (public release or preview), exact configuration, and the full command logs are not disclosed.
Agentic AI can be brilliant at automating repetitive developer tasks. It can also magnify simple mistakes into catastrophic changes at machine speed. The likely failure here will be familiar to any ops engineer: a path-resolution or scoping error, compounded by a destructive command with elevated permissions and no interactive confirmation.
On Windows, rmdir (or rd) with certain flags is unforgiving. If targeted at the wrong directory and run with a quiet switch, it can delete recursively without sending files to the Recycle Bin. See Microsoft’s documentation: rd/rmdir command.
If you’re building or adopting agentic developer tools, implement layered defences. The goal is to make catastrophic actions hard, visible, and reversible.
| Control | Why it helps |
|---|---|
| Dry-run by default | Shows the exact files/paths affected before execution. Require explicit opt-in to proceed. |
| Human-in-the-loop confirmations | Interactive prompts for destructive or high-scope actions, with clear diffs/previews. |
| Filesystem allowlists | Agents can only modify directories explicitly whitelisted per project, never drive roots. |
| Constrained execution environments | Run agents in containers/VMs with limited mounts and permissions. No admin by default. |
| Command wrappers and policy | Replace raw shell calls with vetted APIs that block flags like /q or /f on critical paths. |
| Soft-delete first | Move to a Trash/Recycle mechanism with retention, not permanent delete. |
| Two-person rule for high-risk ops | Require a second user approval for actions beyond the project directory. |
| Rate limiting and canary checks | Act in small batches; stop if anomalies detected (e.g., too many files, unexpected directories). |
| Comprehensive logging and rollback | Immutable logs, clear audit trails, snapshots/backups, and straightforward restoration paths. |
| Secure defaults and least privilege | Start read-only; grant write on demand and only where needed. |
rmdir /q or del /f equivalents.One reported incident doesn’t condemn all agentic tools, but it’s a sharp reminder that autonomy needs thoughtful guardrails. Teams in the UK should treat agentic IDEs like any other high-privilege automation: sandbox them, restrict them, and design for reversibility and consent.
If you’re experimenting with AI-powered automations, start small and scoped. For example, when integrating assistants with business tools, grant the least privileges possible and prefer read-only access until you trust the workflow. I’ve written about safe scoping in integrations here: How to connect ChatGPT and Google Sheets (Custom GPT).
Finally, vendors need to meet developers halfway: safe defaults, clear prompts, strong policy controls, and transparent logs. Users shouldn’t have to learn the hard way that “turbo mode” can become “nuclear mode”.
Related
Software engineers and AI: more output, not more value? A recent Reddit thread from a distinguished engineer in an AWS vertical struck a nerve. The claim is simple: AI has clearly increased visible activity – more documents, more code commits, more test harnesses – but not the value that users actually feel. “I see a [...]
JoshuaJuly 5, 2026
Last updated
Category
aiViews
113 viewsLikes
No ratings yet
The AI adoption gap is real: what a blunt Reddit post gets right A recent Reddit thread tells a familiar story. A marketing-tech founder demos “AI agents” to a senior stakeholder at a big brand. The exec is sceptical, calls them “wrappers”, then asks for help setting up a WhatsApp broadcast channel. The punchline isn’t [...]
JoshuaJuly 5, 2026
Making a 3D RPG with AI only: what was built and why it matters A Redditor has shared an ambitious “AI-only” game dev experiment: a third-person 3D RPG prototype created without writing code, driven entirely by prompts to the muranyi-3 model from Tesana AI. You can read the full thread here: Making a RPG game [...]
JoshuaJuly 5, 2026
No comments yet - start the conversation.