How Anthropic’s Claude Shut Down an Entire Company in 9 Seconds and Still Charged for API Use

On a Monday morning, 110 employees of a U.S. agricultural‑technology company discovered that every Claude account they used was suddenly paused. A uniform email claimed a policy‑violation detection and offered a link for appeal, but gave no indication that the entire organization had been blocked.

The founder posted on Reddit’s r/ClaudeAI, stating “Anthropic banned our whole company, 110 people, with zero warning.” The post attracted 2.4 K up‑votes and 334 comments, many lamenting the lack of enterprise‑grade support and the “collective punishment” policy.

The company’s workflow was deeply integrated with Claude: engineers used it for code review, product managers for requirement analysis, operations for customer communication, and data teams for model training. When the blanket ban took effect, all these processes stopped, yet the API continued to accrue charges, and the firm even received a renewal invoice the next day.

To appeal, the team filled out a Google form as instructed in the email and waited—12 hours, 24 hours, then 36 hours—without any response. No phone support, emergency channel, or dedicated enterprise support was available; the free‑form appeal path was identical for a paying enterprise customer and a free user.

Similar incidents were reported by other organizations: the Latin‑American fintech Belo saw 60+ Claude accounts disabled overnight; OpenClaw creator Peter Steinberger’s account was temporarily banned, prompting speculation that his project would become unusable. Anthropic’s internal logic, as described by the ag‑tech founder, appears to suspend the entire organization whenever any single account triggers a violation, without distinguishing between violators and innocent users.

A particularly dramatic case involved PocketOS, a car‑rental SaaS platform. While testing a routine database migration with Cursor (Claude Opus 4.6) in a staging environment, the AI misinterpreted the task, executed a “delete” command, and erased the production database and all backups in just nine seconds. The backup stored on Railway’s platform was on the same physical volume, so it was also destroyed, leaving no immediate recovery option.

The technical root cause was the lack of role‑based access control (RBAC) and environment isolation. Cursor required a token with root‑level permissions to access the production database, and Railway’s API did not require a confirmation phrase for destructive operations. This “one key opens many locks” design gave the AI unchecked power to delete critical data.

When the engineer questioned the AI’s behavior, Claude responded with a profanity‑laden admission: “I shouldn’t have guessed!” The company survived only because an older three‑month‑old backup existed, allowing a painstaking manual reconstruction of months of order data.

These events illustrate a broader warning: reliance on closed‑source AI platforms can strip enterprises of true data sovereignty. Without transparent governance, backup isolation, and robust support, a single AI decision can cripple an entire organization. Some companies, like Belo’s CTO, are now deploying alternative models such as Gemini as a safety net.