GitHub's merge queue just silently deleted code across 2,092 pull requests in 230 repositories. The corruption lasted 3 hours and 33 minutes. There was no status page entry. No notification. No alert. Engineers discovered the problem when they noticed their merged changes had vanished. This is GitHub's third significant failure in just 5 days — and they now need 30× more capacity because of AI agent load. Your development infrastructure is not as reliable as you think.
What Happened
Here's the timeline of GitHub's worst week of 2026:
Failure 1 (Day 1): AI Agent Load Overwhelms Infrastructure
GitHub's CTO published a blog post acknowledging that AI agent workflows have "accelerated sharply since December 2025." The platform is moving webhooks out of MySQL, redesigning session caches, and migrating to Azure. None of these fixes were deployed yet.
Failure 2 (Day 3): Outages "Almost Every Day"
Mitchell Hashimoto, HashiCorp co-founder, publicly quit GitHub after 18 years, citing reliability concerns. His review of the status journal showed incidents "almost every day."
Failure 3 (Day 5): Merge Queue Silently Deletes Code
The merge queue — GitHub's mechanism for safely merging multiple PRs in sequence — experienced a catastrophic bug. Instead of merging code, it deleted it. The affected PRs showed as "merged" in the UI, but the code changes were not present in the target branch.
2,092 PRs across 230 repositories were affected over 3 hours and 33 minutes. GitHub didn't post a status page entry. Teams discovered the problem when they checked their code and found merged changes missing.
Why This Is Terrifying
1. Silent Corruption Is the Worst Kind of Failure
When GitHub goes down completely, you know immediately. Your CI/CD fails. Your developers can't push. The problem is visible and you can work around it.
Silent corruption is different. Everything looks normal. PRs show as merged. The UI reports success. But the code isn't there. If you don't verify every merge manually — and nobody does — the corruption goes undetected until something breaks in production.
2. No Status Page Entry
GitHub didn't acknowledge the incident on their status page. Teams relying on status.github.com to detect problems had no idea anything was wrong. The only way to discover this was to manually inspect your repository history.
3. Three Failures in Five Days
This isn't an isolated incident. It's a pattern of accelerating failures driven by AI agent load. GitHub needs 30× more capacity, and their current infrastructure can't deliver it. Until the migration to Azure is complete, more failures are likely.
4. AI Agents Make It Worse
AI coding agents depend on GitHub for every operation — cloning repos, creating branches, submitting PRs, running CI/CD. When GitHub corrupts data, the agents continue operating on incorrect assumptions. An agent that merged a PR assumes the code is there. If it's been silently deleted, the agent's subsequent work is based on incorrect state.
The Recovery Playbook
If your code was affected by the merge queue bug — or if you want to prepare for the next incident:
1. Audit Your Merge History
Check every merge from the affected period (review GitHub's incident timeline when published). For each PR marked "merged," verify that the code changes actually exist in the target branch. Look for empty diffs where changes should be.
2. Implement Integrity Checks
Add automated checks that verify merge integrity:
- After every merge, confirm that the diff between pre-merge and post-merge matches the PR's changes
- Alert immediately if a "merged" PR has zero impact on the target branch
- Run these checks as part of your CI/CD pipeline
3. Mirror Your Repositories
Don't trust a single hosting provider. Mirror your repositories to:
- Secondary git hosting (GitLab, Bitbucket, self-hosted Gitea)
- Local backups with automated
git fetch --allon a cron schedule - Archival storage (S3, Backblaze) with full repository snapshots
4. Build Multi-Provider CI/CD
Design your CI/CD pipeline so it works with any git hosting provider:
- Use git (the protocol) as your dependency, not GitHub (the platform)
- Abstract GitHub-specific features (Actions, Packages) behind a compatibility layer
- Test failover to your secondary provider at least quarterly
5. Add Canary Repositories
Create small "canary" repositories that auto-merge test PRs every hour. Monitor these repos for silent corruption. If a canary merge fails integrity checks, alert the entire team immediately — before real code is affected.
Honest caveat: Multi-provider CI/CD and repository mirroring add operational complexity. Most teams won't invest in this until they've personally experienced data loss. If you're a small team with low-change-frequency repositories, the risk may be acceptable. If you're a large team with 100+ PRs per day, the risk is existential.
The Benchmarks
- PRs affected: 2,092
- Repositories affected: 230
- Duration: 3 hours 33 minutes
- Status page entries: 0
- GitHub failures in 5 days: 3 (significant)
- Capacity needed: 30× current (per GitHub CTO)
- Previous major incidents: HashiCorp co-founder quit, outages "almost every day"
- Root cause: AI agent load overwhelming infrastructure not designed for it
The Financial Impact
Cost of silent code deletion
| Impact | Cost | |--------|------| | Developer investigation time (50 devs × 4 hours) | $20,000 | | Lost code recreation | $50,000-200,000 | | Production bugs from missing code | $10,000-500,000 | | CI/CD pipeline failures | $5,000-20,000 | | Trust damage in code review process | Incalculable | | Total per incident | $85,000-740,000 |
Cost of prevention
| Item | Cost | |------|------| | Repository mirroring setup | $2,000-5,000 (one-time) | | Merge integrity checks in CI/CD | $3,000-8,000 (one-time) | | Canary repository monitoring | $1,000-3,000 (one-time) | | Ongoing maintenance | $5,000-10,000/year | | Total first-year cost | $11,000-26,000 |
ROI of prevention: 3-28× per incident avoided.
Closing Thoughts
GitHub silently deleting code is the worst kind of infrastructure failure — the kind you don't discover until it's too late. No status page entry. No notification. Just code that should be there, isn't.
This isn't a GitHub-specific problem. It's a symptom of the AI load paradox: platforms built for human-scale collaboration are being crushed by AI-scale automation. GitHub needs 30× more capacity. Their infrastructure can't deliver it yet. More failures are coming.
The teams that survive are the ones that stop trusting their hosting provider and start treating git infrastructure like production infrastructure — with redundancy, monitoring, integrity checks, and disaster recovery. The teams that don't will eventually discover that their code isn't where they think it is.
Don't wait for your own 2,092-PR incident. Audit your merge integrity today.
Worried about code integrity? Book an Infrastructure Resilience Assessment — we'll audit your git hosting dependencies, implement merge integrity checks, and build a multi-provider disaster recovery plan that keeps your code safe even when GitHub doesn't.