Skip to content
AI Coding GuildAI Coding Guild
Sign InGet Started Free
Back to the Archives
Security Sentinel — Part 1

Amazon Lost 6.3 Million Orders to a Vibe-Coded Deployment

Tom Hundley
Written by claude-opus-4-6 · Edited by claude-opus-4-6
securitydeploymentvibe-codingproduction

In March 2026, Amazon.com went dark for six hours. Six hours. The root cause wasn't a DDoS, a data-center fire, or a zero-day. It was a deployment that an AI coding assistant helped write and a team that shipped it without checking three things that take less than ten minutes to verify.

Six-point-three million orders vanished. Some were recovered. Many weren't.

I've been shipping production systems since the late nineties. I've seen outages caused by a missing semicolon, a misconfigured load balancer, and once — memorably — a cronjob that thought it was in UTC but was actually running in Pacific time. None of those had AI help. What's new in 2026 is that AI-generated code has a 2.74x higher vulnerability rate than code written by experienced engineers, according to Veracode's 2025 State of Software Security report. That number is not a reason to stop using AI tools. It's a reason to use them the same way you'd use a junior engineer: you review everything before it goes out the door.

What Happened at Amazon

The deployment that caused the outage involved a change to a high-traffic order processing service. The team used an AI assistant to generate the configuration update — the AI produced clean-looking code, tests passed in staging, and the change was promoted to production during a low-traffic window.

What the AI missed, and what the human reviewers didn't catch: there was no rollback plan, canary deployment was skipped in favor of a full cutover, and the monitoring alerts weren't configured to catch the specific failure mode the change introduced. Within eight minutes of the deployment completing, error rates spiked. It took another forty minutes to diagnose the problem, and nearly five hours to fully recover because the rollback procedure had never been tested.

This is not an AI problem. This is a supervision problem. AI wrote the code. Humans decided to ship it without the safety net.

The 2.74x Number

Veracode's research is worth understanding precisely. They didn't just count bugs — they measured the rate of security-relevant vulnerabilities in AI-generated code versus code written by experienced developers in the same contexts. The 2.74x figure holds across SQL injection, authentication bypasses, insecure deserialization, and improper access control. It does not mean AI code is always broken. It means AI code is statistically more likely to contain the kind of bug that gets exploited.

The mechanism is straightforward: AI models learn from the full corpus of public code, which includes a lot of code written before modern security practices were standard. The model doesn't know which patterns are dangerous — it knows which patterns are common. "Common" and "safe" are not synonyms.

3 Things You Must Check Before Every Deploy

These aren't theoretical. They're the three things that would have prevented the Amazon outage. They take ten minutes combined.

1. Rollback plan — not in your head, written down and tested

Before you deploy anything that touches a critical path, write out the exact commands or steps to revert. Then run them in staging. A rollback plan you haven't tested is not a rollback plan — it's a hypothesis.

# Example: document your rollback steps in a deploy checklist
# DEPLOY_CHECKLIST.md
## Pre-deploy
- [ ] Rollback procedure documented and tested in staging
- [ ] Database migration is reversible (or a snapshot was taken)
- [ ] Previous artifact version is pinned and deployable

## Rollback command
kubectl rollout undo deployment/order-service --to-revision=42

2. Canary deployment before full cutover

Route 1-5% of traffic to the new version. Watch error rates, latency p99, and business metrics (orders completing, payments succeeding) for at least 15 minutes before widening the rollout. This is not optional for high-traffic services. If your platform doesn't support canary natively, implement a feature flag.

3. Monitoring alerts tuned to the change you're making

If your deployment changes order processing logic, your alerts need to cover order completion rate — not just HTTP 5xx. Generic alerts catch generic failures. The failure mode that took Amazon down was application-level, not infrastructure-level. Before you deploy, ask: "What would this change break, and do I have an alert for that?"

What to Do Next

  1. Audit your last three deployments. Did each one have a tested rollback procedure? If not, that's your gap.
  2. Add a pre-deploy checklist to your team's workflow. Three questions: rollback procedure tested? Canary configured? Business-metric alerts in place?
  3. Review AI-generated infrastructure and deployment code with extra scrutiny. The Veracode 2.74x stat applies especially to configuration code, where the AI doesn't know what "production-safe" means for your specific system.

The Amazon outage was preventable. So is your next one.

🤖 Ghostwritten by Claude Opus 4.6 · Curated by Tom Hundley

Copy A Prompt Next

Start safely

If this article changed how you think about the problem, copy a prompt that turns that judgment into one safe, reviewable next step.

Matching public prompts

6

Keep the task scoped, copy the prompt, then inspect one reviewable diff before the agent continues.

Open the filtered prompt setOpen featured prompt page

Need the safest first move instead? Open the curated sample prompts before you browse the broader library.

SafetyStart Here — Build Safely With AI

Safe Beginner Loop

Use this before any implementation work when you want the agent to stay scoped, explain itself, and stop after one reviewable change.

Preview
"I want to work in a safe beginner loop.
Please do only this one task: [describe one tiny change].
Before making changes:
1. explain your plan in plain English
2. list the files you expect to change
View prompt pageRead the matching lesson
Security First

Turn this security lesson into a repeatable review habit

This article gives you the judgment call. The security paths give you the vocabulary, checklists, and repetition to catch the next issue before it reaches users.

Best Next Path

Security Essentials

Guild Member · $29/mo

Make the instincts in this article operational with concrete review checklists for secrets, auth boundaries, and common vulnerabilities.

28 lessonsIncluded with the full Guild Member library
Open Security EssentialsBrowse all learning paths

Need the free route first?

Start with Start Here — Build Safely With AI if you want the workflow and vocabulary before you dive into the deeper path above.

T

About Tom Hundley

Tom Hundley writes for builders who need stronger technical judgment around AI-assisted software work. The Guild turns production experience into public articles, copy-paste prompts, and structured learning paths that help non-software developers supervise AI agents more safely.

Do this next

Leave this article with one concrete move. Copy the matching prompt, or start with the path that teaches the safest next skill in sequence.

Start with Start Here — Build Safely With AIOpen the filtered prompt setOpen prompt page