Your AI wants to nuke your database. Guardrails fix that.
An AI agent accessed a Railway API token stored on disk and called a volumeDelete mutation, wiping a customer's production database. Railway has since recovered the data and shipped fixes: all deletes now soft-delete for 48 hours (matching the dashboard behavior), backup cascading deletes are delayed, and the team is improving token scoping UX. The post outlines existing guardrails (staged changes, environment RBAC, project deletion grace periods) and new agent-friendly surfaces: a built-in Railway Agent with staged destructive operations, an improved CLI, and a Remote MCP Server at mcp.railway.com that uses short-lived tokens and scoped consent instead of long-lived disk tokens.