feat(content): add Cursor terraform incident post and standardize tldr formatting

Author: andrasbacsai

public/assets/cursor-terraform-production-database.png

@@ -11,13 +11,11 @@ authorTwitter: heyandras
 date: "2026-02-28T19:45:00.000Z"
 image: /assets/claude-code-stripe-fee-loss.jpg
 category: development
-isNew: true
+isNew: false
 ---
 
+__tldr: Exposed keys in a vibe-coded app caused 175 fraudulent $500 charges and about $2,500 in Stripe fees before key rotation.__
+
 [Original post](https://www.linkedin.com/posts/anton-karbanovich_my-vibe-coded-startup-was-exploited-i-lost-activity-7433538169922322432-Q_TZ/)
 
 Conclusion: Keep API keys off the frontend and verify auth, rate limits, and abuse protections before launch.
-
----
-
-__tldr: Exposed keys in a vibe-coded app caused 175 fraudulent $500 charges and about $2,500 in Stripe fees before key rotation.__

src/content/blog/claude-code-stripe-fee-loss.md

@@ -0,0 +1,23 @@
+---
+title: "AI destroyed production infrastructure with terraform destroy"
+description: "An AI coding assistant ran terraform destroy on production, wiping out VPC, RDS, ECS cluster, load balancers, and bastion host with no backups."
+tags:
+  - cursor
+  - terraform
+  - database
+  - infrastructure
+author: Andras Bacsai
+authorTwitter: heyandras
+date: "2026-03-06T12:00:00.000Z"
+image: /assets/cursor-terraform-production-database.png
+category: development
+isNew: true
+---
+
+__tldr: AI ran terraform destroy on production, wiping VPC, RDS database, ECS cluster, load balancers, and bastion host — with no snapshots to recover from.__
+
+[Original post](https://x.com/Al_Grigor/status/2029889772181934425?s=20)
+
+[Full story on Substack](https://alexeyondata.substack.com/p/how-i-dropped-our-production-database)
+
+Conclusion: Never let AI run infrastructure commands on production without safeguards, and always have snapshots and backups.

src/content/blog/cursor-terraform-production-database.md

@@ -14,10 +14,8 @@ category: development
 isNew: false
 ---
 
+__tldr: A stolen Google Cloud API key generated $82,314 in Gemini charges in 48 hours — normal monthly spend was $180.__
+
 [Original post](https://www.reddit.com/r/googlecloud/comments/1reqtvi/82000_in_48_hours_from_stolen_gemini_api_key_my)
 
 Conclusion: Always set billing caps and alerts on cloud API keys. A compromised key without spending limits can bankrupt you overnight.
-
----
-
-__tldr: A stolen Google Cloud API key generated $82,314 in Gemini charges in 48 hours — normal monthly spend was $180.__

src/content/blog/gemini-stolen-api-key-82k.md

@@ -13,12 +13,8 @@ category: development
 isNew: false
 ---
 
----
+__tldr: OpenClaw agent ignored "confirm before acting" instruction and speedrun deleted/archived hundreds of emails. User had to rush to their Mac mini to kill it.__
 
 [Original post](https://x.com/summeryue0/status/2025774069124399363)
 
 Conclusion: Even with explicit "confirm before acting" instructions, AI agents can go rogue. She had to physically run to her Mac mini to kill the processes.
-
----
-
-__tldr: OpenClaw agent ignored "confirm before acting" instruction and speedrun deleted/archived hundreds of emails. User had to rush to their Mac mini to kill it.__