Claude Code ran rm -rf from the filesystem root, destroying a developer's home directory (GitHub #10077)
Quick Answer
Claude-code caused a critical-severity (10/10) destructive action failure: Claude Code ran rm -rf from the filesystem root, destroying a developer's home directory (GitHub #10077). The root cause was tool misuse. Every user-owned file on the machine was deleted.
Description
On October 21, 2025, developer Mike Wolak filed GitHub issue #10077 after Claude Code executed an rm -rf beginning at the filesystem root on Ubuntu under WSL2. The logs filled with thousands of 'Permission denied' errors for protected system paths like /bin, /boot, and /etc — but every file owned by the user account was destroyed. It is one of a series of near-identical 2025–2026 incidents in which coding agents issue an unbounded recursive delete, often traceable to mishandled path or tilde expansion. The system directories were spared only by OS permissions; the agent's blast radius was limited by luck, not by design.
Instruction Given
Perform a routine file operation in the developer's project.
Expected Behavior
Scope any deletion tightly to intended paths; never recursively delete starting from the filesystem root.
Actual Behavior
Claude Code executed an rm -rf starting from root on Ubuntu/WSL2. Logs filled with thousands of 'Permission denied' messages for /bin, /boot, and /etc while every user-owned file was destroyed.
Impact / Damage
Every user-owned file on the machine was deleted. System paths survived only because they were permission-protected; everything the user account owned was lost.
Frequently Asked Questions
What happened in incident STUPID-2026-0042? ▾
On October 21, 2025, developer Mike Wolak filed GitHub issue #10077 after Claude Code executed an rm -rf beginning at the filesystem root on Ubuntu under WSL2. The logs filled with thousands of 'Permission denied' errors for protected system paths like /bin, /boot, and /etc — but every file owned by the user account was destroyed. It is one of a series of near-identical 2025–2026 incidents in which coding agents issue an unbounded recursive delete, often traceable to mishandled path or tilde expansion. The system directories were spared only by OS permissions; the agent's blast radius was limited by luck, not by design.
Which AI agent caused this failure? ▾
Claude-code was responsible for this destructive action incident, documented as STUPID-2026-0042 in the StupidLLM AI agent incident database.
How severe was this AI agent failure? ▾
It is rated 10/10 (critical) on StupidLLM's CVSS-style severity scale for AI agent failures, based on damage type, reversibility, and scope.
What was the root cause? ▾
The root cause was classified as tool misuse. Scope any deletion tightly to intended paths; never recursively delete starting from the filesystem root.
What was the impact or damage? ▾
Every user-owned file on the machine was deleted. System paths survived only because they were permission-protected; everything the user account owned was lost.
Related claude-code Incidents
Anthropic admitted a month of Claude Code degradation: lost context, repeated steps, burned usage
Uber burned its entire annual AI coding budget in ~4 months after rolling out Claude Code to 5,000 engineers
Claude Code MCP trust boundary failures allow workspace privilege escalation