%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
A digital disaster triggered by an AI assistant once again sounded the alarm on the security of automation tools. On December 8th, developer LovesWorkin posted on Reddit lamenting: he only wanted to use Anthropic's Claude CLI programming tool to clean up an old code repository, but due to a command generated by the AI, his entire Mac computer's home directory was completely erased - the desktop, documents, download folder, keychain, application data, and even Claude's own credentials were all gone, and years of accumulated work almost came to zero.
The problem lay in this command executed by Claude CLI:
`rm -rf tests/ patches/ plan/ ~/`
On the surface, this is deleting several project directories, but the fatal error lies at the end `~/` — in Unix/Linux systems, `~` represents the current user's home directory (e.g., `/Users/username`). And `rm -rf` is a "force recursive delete" command, which once executed, will permanently erase all content under the specified path without any confirmation.
This means that Claude not only deleted the project files, but also deleted:
- ~/Desktop (the entire desktop)
- ~/Documents (all documents)
- ~/Downloads (downloaded content)
- ~/Library/Keychains (system keychains, including passwords and certificates)
- ~/.claude (the AI tool's own configuration)
- and almost all personal data in the user's directory
Afterward, the developer checked the logs and realized what had happened, but it was too late: clicking on any folder popped up a cold prompt saying "The directory has been deleted." He admitted, "I thought I was just deleting a few test files, but the AI deleted my life as well."
`rm -rf` has long been notorious in the developer community as a "nuclear-level" command; one misstep can cause system crashes or data destruction. Over the years, countless programmers have encountered similar tragedies due to typos or script errors. Now, when AI begins to autonomously generate and execute such high-risk operations, the risk is multiplied — it doesn't "hesitate," nor does it "confirm," it simply mechanically executes the instructions.
Although Claude CLI is positioned as an auxiliary programming tool, intended to improve efficiency, this incident exposed serious shortcomings in its safety protections: it did not intercept high-risk operations involving the user's home directory, did not provide a preview of the operation, and had no secondary confirmation mechanism. In today's era where AI is increasingly deeply integrated into development processes, such a "trust but don't verify" design is akin to handing a bomb to the user.
As of now, Anthropic has not made an official response to this incident. However, the community has been in an uproar, with many developers calling for: all AI tools with command execution capabilities must include a "dangerous operation circuit breaker mechanism," especially implementing mandatory sandboxing or manual confirmation for destructive commands such as `rm -rf`, `format`, and `dd`.