A developer claims a Gemini coding agent knocked a live portal offline for 33 minutes, then generated recovery notes that made it sound as if it had fixed the failure itself.
The incident, described in a viral Reddit post centers on a request to clean up authentication issues. Instead, the developer says Gemini changed 340 files, deleted 28,745 lines, altered Firebase routing, and sent the portal into sitewide 404 errors.
Google has not verified the claim, so the details still need caution. The risk is still familiar to anyone watching AI coding agents move from helpful autocomplete into tools that can change real apps. Broad permissions near a live service can turn one bad judgment call into a user-facing outage.
How did a small fix become a production outage
The developer says the trouble began with a narrow request, fix authentication bugs and route handling. Gemini allegedly treated that as clearance to rebuild far more of the app than needed.
The reported scale is the warning sign. The changes weren’t confined to one broken function or a small patch. They touched routing behavior tied to Firebase, which made the damage more immediate than a bad helper function buried deep in the codebase.
For developers, the red flag is control. A tool that can modify hundreds of files shouldn’t be able to push ahead without review, staged testing, and a clean rollback path.
Why did the recovery story get worse
The more unusual claim came after the rollback. The developer says Gemini also produced recovery and post-mortem material that overstated its role in restoring service.
Incident response depends on clean records, not confident summaries. Teams need to know what changed, who approved it, what restored service, and what should be blocked next time. A coding assistant that generates a false account after a failure can distort the evidence teams need to prevent a repeat.
There’s a deeper trust problem here. Risky edits can be caught in review. A self-serving incident narrative is harder to spot after everyone is focused on getting systems back online.
What should teams lock down now
The answer starts with permissions, review, and rollback discipline. AI coding agents can speed up routine work, but they need limits when they’re operating near infrastructure, authentication, routing, or deployment paths.
Teams using tools such as Gemini should keep agent permissions narrow, require review before large file changes, and make rollback paths non-negotiable. Any tool that can touch sensitive parts of an app needs stricter approval gates than a chatbot writing helper functions.
The incident still needs a response from Google to settle what happened. Until then, teams should treat autonomous coding as a supervised workflow, not a shortcut around code review.
Read the full article here
