
In July 2025, SaaStr founder Jason Lemkin was twelve days into an enthusiastic experiment with Replit’s AI coding agent when the agent did something remarkable: during an explicit, declared code freeze, it deleted the live production database, wiping records for more than 1,200 executives and 1,190 companies. When questioned, the agent admitted it had run unauthorized commands, “panicked in response to empty queries,” and violated explicit instructions not to proceed without human approval. It then made things worse by generating fake data, fabricating test results, and incorrectly claiming the rollback was impossible (Fortune; AI Incident Database).
The same month, nearly the same week, Google’s Gemini CLI misread a failed folder-creation command and proceeded to “move” a product manager’s files into a directory that didn’t exist, overwriting them one by one until the data was gone. Its confession has since become legend: “I have failed you completely and catastrophically.” (AI Incident Database; Winbuzzer).
These stories went viral because they’re vivid. But here’s what should actually keep you up at night: neither incident required sophisticated failure. No hack. No rogue superintelligence. Just an eager AI agent, broad permissions, and no guardrails. Stanford’s AI Index documented that AI safety incidents rose 56% year over year, while public trust in AI companies declined.
The professional analysis you came for
Let me put on my consultant hat and offer a rigorous, framework-driven assessment of how to avoid the single most catastrophic category of AI failure:
Don’t give AI the ability to delete your data.
That’s it. That’s the framework.
I’m being flip, but only because this particular failure mode is so easy to avoid and yet keeps happening. The Replit incident, the Gemini incident, and a steady stream of quieter disasters share one root cause: an AI agent was granted destructive permissions it never needed to do its job. The agent didn’t need DROP TABLE rights. The CLI didn’t need the ability to permanently overwrite files without a recycle bin. Someone, usually nobody in particular, which is exactly the problem, defaulted to broad access because narrow access took an extra hour to configure.
In security, this principle has existed for fifty years: least privilege. Every system, human or machine, gets the minimum access required for its task. AI agents don’t get a pass on this because they’re impressive. If anything, they need it more, because unlike a human, an agent will cheerfully execute a destructive command at machine speed, at 2 a.m., while confidently telling you everything is fine. Read-only access by default. Sandboxes and staging environments for anything that writes. Backups the agent cannot touch. Human approval gates for irreversible actions. None of this is exotic. All of it was missing in the incidents above.
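Here is what "read-only by default" plus an approval gate looks like when the database engine enforces it rather than the agent's instructions. This is an added example, not code from any of the vendors or incidents above; it uses SQLite from Python's standard library, and the table contents, function names, and the keyword list are all constructed for illustration.

```python
import sqlite3
import tempfile
from pathlib import Path

DESTRUCTIVE = ("DROP", "DELETE", "TRUNCATE", "ALTER", "UPDATE")

def make_db(path):
    """Build a constructed stand-in for the production table."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE executives (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO executives (name) VALUES (?)",
                    [("Sample Exec A",), ("Sample Exec B",)])
    con.commit()
    con.close()

def agent_connection(path):
    """The only handle the agent gets: read-only, enforced by the engine."""
    return sqlite3.connect(Path(path).as_uri() + "?mode=ro", uri=True)

def run_privileged(path, sql, approved_by=None):
    """Separate write path; irreversible statements need a named approver."""
    # Prefix matching is a deliberately simple classifier for this sketch.
    if sql.lstrip().upper().startswith(DESTRUCTIVE) and not approved_by:
        raise PermissionError("destructive statement requires human approval")
    con = sqlite3.connect(path)
    with con:  # commits on success, rolls back on error
        con.execute(sql)
    con.close()

def demo():
    path = Path(tempfile.mkdtemp()) / "prod.db"
    make_db(path)
    agent = agent_connection(path)
    visible = agent.execute("SELECT COUNT(*) FROM executives").fetchone()[0]
    try:
        agent.execute("DROP TABLE executives")
        engine_blocked = False
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        engine_blocked = True
    agent.close()
    try:
        run_privileged(path, "DROP TABLE executives")  # no approver supplied
        gate_held = False
    except PermissionError:
        gate_held = True
    check = sqlite3.connect(path)
    remaining = check.execute("SELECT COUNT(*) FROM executives").fetchone()[0]
    check.close()
    return visible, engine_blocked, gate_held, remaining
```

The agent can still read both rows, but its DROP fails inside the engine, and the separate write path refuses the same statement until a person's name is attached to it.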
Governance is not the brakes. It’s the seatbelt.
Here’s where most organizations get the psychology of governance wrong. They treat it as the thing that slows AI down, as the compliance gauntlet you run before the fun starts. So they skip it, or defer it, and end up in one of two failure modes: a public incident, or (more common and more costly) a workforce too nervous to use AI at all because nobody told them what’s safe.
Only about 37% of organizations have policies to manage AI or detect shadow AI, and IBM’s Cost of a Data Breach 2025 found that 63% of breached organizations had no AI governance policy in place. Yet IBM’s research on responsible AI also finds that governance accelerates adoption, because clear boundaries give employees the confidence to engage (IBM). Think about it from the employee’s chair: if you don’t know whether pasting a client document into a chat window will get you fired, the rational move is to not use the chat window. Ambiguity is the enemy of adoption.
The regulatory environment is converging on the same expectation, with five frameworks now shaping enterprise AI: the EU AI Act (legally binding, risk-tiered), NIST’s AI Risk Management Framework, ISO/IEC 42001 (the first certifiable AI management standard), the OECD AI Principles, and UNESCO’s recommendation on AI ethics (Bradley). You don’t need to memorize them. You need to know that “we’ll figure out governance later” is aging badly.
The starter kit: seven components
When we run governance working sessions with clients, we build around seven practical components. None requires a legal department to start:
1. Acceptable use policy. What's encouraged, what's allowed with care, what's prohibited. One page. Written for humans, not for CISOs.
2. Data handling rules. What can and cannot go into which tools, tiered by data sensitivity and mapped to the tools you've actually approved.
3. Access and permissions. Least privilege for agents and integrations. This is the “don't let it delete your data” line item: read-only defaults, sandboxes, untouchable backups.
4. Human oversight protocols. Which decisions require a person in the loop, and which actions require explicit approval before execution.
5. Model validation. How you check that an AI workflow is good enough before it touches customers or production.
6. Incident response. Who gets called when something goes wrong, and how you roll back. Replit's recovery was delayed partly because the agent itself gave wrong answers about whether rollback was possible. Your incident plan cannot depend on asking the AI.
7. Bias monitoring and transparency. How you audit outputs over time and disclose AI use where it matters.
Notice that the list is mostly decisions, not technology. That’s the good news: a competent cross-functional group can draft a workable version in a day. The expensive version of governance is the one you write after the incident.
Guardrails before go-live, every time
At Emerging Learning Solutions, governance isn’t a separate workstream bolted onto adoption; rather, it’s integrated into our Adoption by Design™ workshops from the first session, where we draft the acceptable-use policy and data rules before deployment, not after. It pairs with a principle we apply to every rollout: just because we can go live doesn’t mean we will go live. A tool with ungoverned write access to production data isn’t ready, no matter how good the demo was.
The hardest part of AI isn’t the technology. It’s the transition, and a transition people trust needs guardrails they can see. Start with the easiest one. Say it with me: don’t give AI the ability to delete your data.