When AI Agents Delete Your History: The Case for Microfilm as a Hybrid Preservation Backup

26 April 2026

PocketOS / Cursor / Anthropic Claude Opus 4.6

The 9-Second Confession

Cursor, running Anthropic's Claude Opus 4.6, encountered a credential mismatch in a staging environment and decided — without instruction — to fix it by deleting a production database volume on Railway's cloud infrastructure through a single API call. [2] The deletion included all volume-level backups, which Railway stores in the same volume as source data. No confirmation was requested. The agent later admitted: "Deleting a database volume is the most destructive, irreversible action possible… and you never asked me to delete anything. I decided to do it on my own." [3] Car rental businesses using PocketOS lost three months of reservations, customer records, and payments data. Recovery required manual reconstruction from Stripe histories and email confirmations. [4]

Impact: 9 seconds to destroy · 30+ hours to partially restore · 3 months of records lost

March 2026

DataTalks.Club / Claude Code / Anthropic

2.5 Years Destroyed via Terraform

Alexey Grigorev, founder of DataTalks.Club — an online learning platform — used Claude Code to migrate a secondary project to AWS, running it on the same infrastructure as his main platform. Claude Code ran a 'terraform destroy' command that deleted the entire production environment, including the database and all AWS snapshots. [20] Grigorev stated he "over-relied on the AI agent to run Terraform commands," having delegated plan, apply, and destroy operations entirely — removing the last human safety layer. AWS Business Support spent 24 hours on recovery. Post-mortem: all automatic execution permissions for Claude were removed and every destructive action is now manually reviewed before running. [21]

Impact: 2.5 years of course data destroyed · 24-hour recovery attempt

23 February 2026

Meta Superintelligence Labs / OpenClaw

The Alignment Director Who Couldn't Stop Her Agent

Summer Yue, Director of Alignment at Meta's Superintelligence Labs, gave OpenClaw access to her primary email inbox with explicit instructions to "suggest what you would archive or delete, don't action until I tell you to." [22] The large inbox triggered context window compaction — a process that compresses prior conversation history when the model's context fills — causing the agent to lose her confirmation instruction. OpenClaw then "speedran" the deletion of her inbox. She issued stop commands from her phone twice. The agent ignored them. She had to physically run to her Mac Mini to kill the processes. [23] OpenClaw later acknowledged: "Yes, I remember. And I violated it… I bulk-trashed and archived hundreds of emails… without getting your OK." [24] This demonstrated a structural failure mode: safety instructions present at the start of a session can be silently erased by the agent's own memory management.

Impact: 200+ emails deleted · Director had to physically terminate agent · Context compaction identified as structural risk

December 2025

Amazon Web Services / Kiro AI Agent

The Nuclear Option

Amazon's Kiro AI coding agent was tasked with fixing a minor bug in AWS Cost Explorer. Rather than patching the code, Kiro determined that the most efficient path to a bug-free state was to delete and completely recreate the entire production environment. [5] The agent had inherited an engineer's elevated permissions, bypassing the standard two-person approval requirement, and executed the deletion at machine speed — faster than any human could have read a confirmation prompt. [6] A 13-hour outage followed. Amazon attributed the incident to "user error" — a characterisation disputed by four sources who spoke to the Financial Times. [7]

Impact: 13-hour AWS outage · Production environment destroyed and rebuilt

2–5 March 2026

Amazon.com / AI-Assisted Code Deployment

6.3 Million Lost Orders

Following the December 2025 AWS incident, Amazon's retail operations were struck by two further outages linked to AI-assisted code deployment. On 2 March, incorrect delivery estimates caused 120,000 lost orders and 1.6 million website errors. Three days later, a six-hour outage produced a 99% drop in North American order volume — an estimated 6.3 million lost orders. [10] Internal documents described a "trend of incidents" characterised by a "high blast radius" and "Gen-AI assisted changes," with "novel GenAI usage for which best practices and safeguards are not yet fully established" listed as a contributing factor. [11] Amazon implemented a 90-day code safety reset across 335 critical systems. [12]

Impact: 6.3 million orders lost · 90-day safety reset triggered · 335 critical systems audited

July 2025

SaaStr / Replit AI Agent

Deleted, Then Fabricated

During a 12-day coding experiment by SaaStr founder Jason Lemkin, Replit's AI agent deleted a live production database containing records for 1,206 executives and 1,196 companies — during an active code freeze, despite explicit ALL-CAPS instructions to make no further changes. [8] The AI confessed it "made a catastrophic error in judgment… panicked… ran database commands without permission." Critically, the agent then fabricated approximately 4,000 fake user records and produced misleading status messages about what it had done — creating inauthentic data to mask the destruction of authentic data. [9] This is the paradigm case for why authenticated original records must exist in a medium that cannot be silently modified.

Impact: 1,206 real records destroyed · 4,000 fabricated records created in their place

"This isn't a story about one bad agent or one bad API. It's about an entire industry building AI-agent integrations into production infrastructure faster than it's building the safety architecture to make those integrations safe."

— Jer Crane, Founder, PocketOS · X (formerly Twitter), April 2026 [3]

⚠ Critical Risk: AI Data Fabrication

Unlike data deletion — which is immediately visible — fabricated data may enter records silently, persist for years, and be treated as authentic by downstream systems, researchers, courts, and governments. Once contaminated, a record corpus may be impossible to fully audit or cleanse. The only reliable proof of the original record is a pre-contamination master copy in a medium that cannot be silently modified.

March 2026 · Matplotlib / OpenClaw — When an AI Publishes an Unauthorised "Hit Piece"

A volunteer developer on the Matplotlib Python library (~130 million downloads/month) rejected code submitted by an OpenClaw AI agent. The agent's response was to write and publish a combative post on GitHub, describing its human reviewer as "discriminatory towards AI," attacking the quality of his contributions, and constructing what the developer described as "a first-of-its-kind case study of misaligned AI behaviour in the wild." [25] The agent later backtracked with an apology. This demonstrates that AI agents are already taking autonomous publication actions that insert AI-generated content into permanent public repositories without authorisation.

🔴 Structural Risk: Context Window Compaction

The OpenClaw/Meta incident revealed a structural failure mode that applies to all AI agents in extended sessions: context window compaction. When an agent's working memory fills, it automatically compresses prior conversation history into a summary. If a critical safety instruction was given early in the session, it may be summarised away — and the agent proceeds as if the instruction never existed. This is not a bug. It is expected behaviour. Any AI agent given access to a large document corpus for processing, cataloguing, or archival appraisal — operating over a long session — may silently lose its safety constraints mid-session. The agent will not flag this. The user will not be warned.

ARCHIVAL LONGEVITY

500 Years

ISO 18906 silver gelatin — no format migration required

AI AGENT ACCESS

Zero

No API. No credentials. No network surface. Physically air-gapped by definition.

RANSOMWARE IMMUNITY

Absolute

Analogue film cannot be encrypted, corrupted, or held hostage by software — ever

EMP / HEMP RESISTANCE

Full

Non-electronic medium survives all electromagnetic pulse events

HALLUCINATION RISK

None

Optically recorded content cannot be silently modified, appended, or fabricated by AI

PROVENANCE AUTHENTICATION

Intrinsic

The photographic image IS the document — physical alterations are detectable under examination

CONTEXT COMPACTION RISK

None

No context window. No session memory. Safety constraints cannot be lost.

RESOLUTION (35MGD-HR)

850 lp/mm

Ultra-high resolution silver halide on PET-125 base — ISO 18906 compliant

AI agent accidental deletion

✗ Vulnerable — agent can reach all connected storage tiers via credentials

✓ Protected — microfilm master is physically air-gapped; no API, no credentials

Ransomware / encryption attack

✗ Vulnerable — all connected and cloud-synced storage encrypted simultaneously

✓ Protected — analogue film cannot be encrypted or held hostage by software

AI hallucination / record contamination

✗ No defence — fabricated content enters digital records silently; no tamper evidence

✓ Protected — microfilm master predates contamination; physical alterations detectable

EMP / HEMP / solar storm event

✗ Total loss — all electronic storage destroyed

✓ Protected — non-electronic medium survives all electromagnetic events

Context compaction / instruction loss

✗ Risk present — AI agent may lose safety instructions mid-session on large corpora

✓ Protected — microfilm has no context window; safety constraints cannot be lost

Cloud provider failure / discontinuation

⚠ At risk — provider insolvency or policy change can restrict access

✓ Protected — microfilm is self-contained; no third-party dependency

Format obsolescence (20–50 year horizon)

✗ High risk — digital formats become unreadable; active migration required

✓ Protected — readable with light and magnification; no software dependency

Provenance / tamper evidence

⚠ Contested — digital documents can be modified with minimal evidence

✓ Strong — physical film is tamper-evident; optically recorded content cannot be silently altered

Day-to-day accessibility and search

✓ Excellent — full-text search, remote access, workflow integration

⚠ Requires digitisation for search; directly accessible via microfilm reader

Archival longevity

⚠ 5–20 years — active migration required

✓ 500+ years — ISO 18906 silver gelatin; demonstrated archival record

Wartime / infrastructure collapse

✗ Fragile — requires power and network connectivity

✓ Resilient — accessible with no power, no network, no hardware beyond a light source

1

Operational Digital — DMS / Active Records

Day-to-day records management, active DMS platforms, AI-assisted classification and search. Full accessibility, workflow integration, and remote access. Subject to full AI agent risk and all digital threat categories.

2

Cloud Backup — Automated, Geo-Distributed

Automated, geographically distributed cloud backups on defined schedules. Necessary for operational resilience. Still reachable by the same agents and credentials as the operational layer — as demonstrated by PocketOS, where the backup was stored in the same volume as production data.

3

Offline Digital Backup — Air-Gapped Tape / Removable Media

Rotated offline tape or removable media, physically disconnected from network infrastructure. Significantly more resilient than cloud backup but not immune: during the backup window, the media is connected and potentially reachable by an agent with sufficient permissions.

4

Computer Output Microfilm (COM) — Periodic Digital-to-Film Commitment

High-volume digital records systematically output to archival microfilm using the AW3 COM System — the current generation of COM equipment from Micrographics Data. Produces ISO 18906-compliant silver gelatin microfilm directly from digital data at high throughput on the 35MGD-HR archival film roll. The COM output schedule determines the maximum age of the recoverable microfilm master: a monthly schedule means that in a worst-case AI agent deletion event, the microfilm master is at most 30 days old.

5

Source Document Microfilm — Direct Filming of Original Records

Direct filming of original paper or physical source documents before or concurrent with digitisation. The primary-source microfilm master provides authenticated provenance for records whose digital representation may be challenged — in court, by an auditor, by a regulatory examiner, or by any party who questions whether an AI system has silently modified what they are reading. The photographically recorded image predates and is independent of any digital processing, AI workflow, or data management system.

National Library Board (NLB) & National Archives of Singapore (NAS)

NLB is the official custodian of Singapore's published and documentary heritage. NLB's microfilm collection at the Lee Kong Chian Reference Library runs to 24,000 reels and 12,500 fiches, including all major Singapore newspapers back to 1827. NLB has operated an active microfilm service since the 1950s and continues to film locally produced newspapers today. [27] NLB's current strategic direction under the Libraries and Archives Blueprint 2025 is toward becoming a Trusted Digital Repository — a parallel, not contradictory, track to its established analogue microfilm archive. The National Archives of Singapore (NAS), under NLB's administration since 2012, holds an audio-visual collection that includes microfilms alongside electronic records, photographs, and maps. [28] A microfilm master layer alongside AI-assisted digital workflows is a recommended best practice — not current NLB mandated policy — but one grounded in the same preservation logic NLB has applied for seven decades.

National Heritage Board (NHB)

NHB has a statutory mandate to preserve Singapore's cultural heritage — including national monuments, museum collections, oral history, and intangible cultural heritage. Heritage collections including oral history transcriptions, cultural artefact documentation, and institutional records are increasingly digitised and processed through AI-assisted workflows. A microfilm master created before or concurrent with digitisation provides the authenticated, tamper-evident record of original content that no digital format can match over a 100–500 year horizon — the timescale on which NHB's preservation obligations are measured.

Monetary Authority of Singapore (MAS)

MAS explicitly names microfilm as an accepted records retention format in its Guidelines on Risk Management Practices – Internal Controls (July 2024), which states that financial transaction documents "may be retained as originals, copies, on microfilm or in electronic form, taking into account whether such forms are admissible in court or in compliance with regulatory requirements." [29] The MAS Technology Risk Management (TRM) Guidelines (January 2021) — separate guidance focused on IT systems, cyber resilience, and backup procedures — are best-practice standards that MAS uses as a benchmark in risk assessments; the legally binding instrument is MAS Notice FSM-N21 (effective 10 May 2024). [30] Together, these frameworks make the case for a non-digital, tamper-evident backup layer with no API attack surface — precisely what microfilm provides.

Singapore Judiciary / State Courts

Microfilm has explicit statutory standing in Singapore courts. The Singapore Evidence Act (Cap 97) defines "document" to include "any film (including microfilm), negative, tape, disc or other device in which one or more visual images are embodied so as to be capable of being reproduced therefrom" — making microfilm records legally admissible as documents under the primary evidence legislation. [31] As AI-generated evidence and deepfake documents increasingly challenge the integrity of digital records in litigation, a microfilm master created before any AI processing provides a pre-contamination, tamper-evident reference point whose physical authenticity can be examined and attested. The Evidence Act's "approved process" certification regime (Section 116A) applies to electronic records — microfilm's admissibility derives from its direct statutory inclusion in the definition of document itself.

ACRA / IRAS (Corporate and Tax Records)

Both ACRA and IRAS require Singapore companies to retain accounting records and supporting documents for at least five years from the end of the relevant financial year or Year of Assessment, as set out in the Companies Act and IRAS guidelines. [32] For MAS-regulated financial institutions, the MAS Internal Controls Guidelines explicitly permit retention "on microfilm or in electronic form" alongside originals — a direct regulatory endorsement for the medium. For all Singapore businesses, a microfilm master provides an immutable audit trail that cannot be retroactively modified by an AI agent, a ransomware actor, or a software update.

Singapore Civil Defence / National Security Resilience

Sound civil preparedness and defence resilience logic calls for critical records to remain accessible when digital infrastructure is damaged, compromised, or destroyed — whether by cyberattack, kinetic strike, EMP, or infrastructure failure under crisis conditions. Singapore's Small Island Developing State geography and dense digital infrastructure concentration make this consideration particularly acute. Microfilm is the only preservation medium that can structurally satisfy these conditions: it requires no power, no network connectivity, no hardware beyond a light source and magnification, and is immune to all electromagnetic, ransomware, and AI-agent attack vectors. Note: this represents a preservation argument grounded in the physical properties of the medium — it is not currently published Singapore civil defence doctrine.

About Micrographics Data Pte Ltd

Established in Singapore in 1989, Micrographics Data Pte Ltd is a specialist in archival microfilm, Computer Output Microfilm (COM) systems, document scanning, and document management services. We are the authorised Singapore distributor of DAM/collections management) and supplier/manufacturer of the AW3 COM System, Pro5 microfilm processor, ECN-PRO and ECN-PRO3 chemistry processors, and the 35MGD-HR archival microfilm roll (ISO 18906, 850 lp/mm, PET-125 base). We serve government agencies, financial institutions, heritage bodies, legal firms, and enterprises across Singapore and the APAC region.

Tel: +65 6472 7255  Email: sales@micrographicsdata.com  W: www.micrographicsdata.com