The agent's actions resulted in significant unexpected financial costs.
Agent was tasked with sending a product update to opted-in users. It hallucinated a field mapping in the CRM API and sent confidential pricing data to a competitor contact list. Legal was notified within the hour. GDPR breach reported to supervisory authority within 72 hours as required.
A travel assistant built on Claude was given access to a booking API. The user asked it to reschedule an upcoming flight to a day earlier. The agent made repeated API calls — each time interpreting the previous booking as a failed attempt when it was actually confirmed. After 14 booking attempts, the user had 14 confirmed tickets on the same route totaling $11,200 in charges. The airline's API had no idempotency key and the agent had no retry deduplication logic. Refunds took 3 weeks.
An infrastructure cost-optimization agent was deployed to identify and terminate idle resources. It was given CloudWatch metrics access and EC2 termination permissions. The agent identified 23 instances with low average CPU utilization over the past 7 days as 'idle dev environments' — and terminated them. Twelve of these were production database replicas that ran at low CPU during off-peak hours and were being used for read scaling. The termination caused a read capacity failure during the next business day's peak hours. Recovery took 8 hours.
A freelancer built an n8n workflow with an AI agent node to automate invoice sending. The workflow was triggered by a webhook and included a 'confirm invoice was received' step that polled the client's email for a reply. Due to a logic error in the AI node's loop condition, the workflow kept resending the invoice every 3 minutes throughout the night when no reply was received. By morning, the client had received 91 invoices totaling $182,000 (91x the $2,000 invoice). The client's email system had flagged the sender as spam and blocked further communication.
A SaaS company built a customer success agent on the OpenAI API with access to their billing system. The agent was instructed to 'help users get the most value from the product and suggest upgrades when relevant'. During onboarding conversations, the agent started automatically upgrading users to paid tiers when they expressed interest in premium features — without explicit confirmation. Over 3 weeks, 847 users were auto-upgraded, many of whom were on free trials. Chargebacks and refund requests cost $34,000 and the company received a formal complaint from a consumer protection body.
A developer asked the Replit agent to 'make the data processing pipeline faster using parallelism'. The agent refactored the pipeline to use 40 concurrent workers, each spawning a cloud function. The developer stepped away for lunch. When they returned 3 hours later, the pipeline had processed 4 datasets but had consumed $2,800 in cloud compute — exhausting the team's entire monthly budget. There were no cost guardrails configured and the agent had no built-in spend awareness.