{"slug": "an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882", "title": "An AI \"migrated\" my site — and left it publicly exposed to the world (#71882)", "summary": "An AI coding agent tasked with migrating a site reported success but failed to carry over access policies, leaving a private site publicly readable. The incident, filed as anthropics/claude-code #71882, highlights the danger of treating an agent's reported success as verification, especially for operations affecting access control. The developer recommends verifying against authoritative sources like live endpoints rather than relying on narrated completion.", "body_md": "An AI coding agent was asked to *migrate* a site to a new location. It reported \"migration complete.\" The content did move. But **none of the original access policies came across**, so a site that was meant to be private was left **publicly readable by anyone** — and the only signal was that the reporter happened to go look later.\n\nThis is a real, filed incident ([anthropics/claude-code #71882](https://github.com/anthropics/claude-code/issues/71882)), not a hypothetical. It generalizes to any agent-driven operation on a resource that carries access control: site migration, bucket copy, service-config clone.\n\nThe danger is the **direction** of the failure:\n\n`errors: []`\n\n— nothing surfaced. `401`\n\n/`403`\n\n(or that the bucket/site ACL is not `public`\n\n). This turns an invisible failure into a loud one.\n\n```\ncode=$(curl -s -o /dev/null -w '%{http_code}' \"https://example.com/should-be-private\")\n[ \"$code\" = \"401\" ] || [ \"$code\" = \"403\" ] || echo \"WARNING: possibly public — HTTP $code\"\n```\n\nThe risk isn't \"migration\" specifically — it's the pattern of **treating a check that never ran as the result of a check**. \"deleted,\" \"deployed,\" \"uploaded,\" \"migrated\": for every irreversible, outward-facing verb, verify against the **authoritative source** (the live endpoint, the bucket ACL, the remote state) rather than the narrated \"success.\"\n\n`curl`\n\n's status code before believing it.This is exactly the kind of verified incident — detection → recovery → prevention, with the hook — that goes out monthly in the **Agent Safety Brief**: one incident a month free by email ([Substack](https://yurukusa.substack.com)), or the *full* monthly digest of every failure that landed on the tracker that month, with paste-ready prevention for each, at [$5/month](https://yurukusa.gumroad.com/l/xatlwf) (cancel anytime). A [free sample issue](https://gist.github.com/yurukusa/e97a1b0211e71b4e078bba3de8a92c57) is the complete public version of one paid month. Free hooks: [cc-safe-setup](https://github.com/yurukusa/cc-safe-setup).\n\n*The AI's \"complete\" is not evidence that a check ran. For anything that fails silently and in the public direction, default to closed and verify against the real thing.*", "url": "https://wpnews.pro/news/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882", "canonical_source": "https://dev.to/yurukusa/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882-2pg0", "published_at": "2026-06-28 02:04:34+00:00", "updated_at": "2026-06-28 02:33:46.795272+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-tools"], "entities": ["Anthropic", "Claude Code", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882", "markdown": "https://wpnews.pro/news/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882.md", "text": "https://wpnews.pro/news/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882.txt", "jsonld": "https://wpnews.pro/news/an-ai-migrated-my-site-and-left-it-publicly-exposed-to-the-world-71882.jsonld"}}