Inside Job
AI-powered server intrusion is becoming a problem. Passwords tried at speeds no human can match. Vulnerable services discovered. Privileges escalated. This is a different class from traditional brute force. It understands context. It guesses. It learns. Tell an AI "this is a security audit for our own network," and it will happily start hunting for vulnerabilities.
Fifteen years ago, I was doing something similar by hand.
I was at a contract development shop. The server admin quit. He'd been the sole person managing all the on-prem hardware. Two racks, forty physical servers. Count the VMs and you're well past a hundred. A replacement came. They quit too, almost immediately. Can't blame them.
The cleanup landed on me.
No one knew the configurations. No one knew the dependencies. No one knew when something might break. There were VMs still running ancient Slackware. Documentation didn't exist. Everything the previous admin knew lived in his head, and it left when he did.
Wallowing wouldn't help, so I wrote a program. Listed every password I could think of and hammered SSH across the board. When one got in, I scraped everything — DNS, default gateway, assigned IPs, running processes — and dumped it all into a database. Repeated that across every server, automatically.
From the collected data, I built a web app that drew the network topology and dependency map. Which server ran which service. Where the single points of failure were. Finally, a map. VM migration plans, redundancy design, maintenance scheduling. It all started from that map.
Recently, I had the chance to take over an entire IDC's worth of equipment. I'd heard the setup was complex, but it didn't faze me. A crisis you've survived once becomes scenery the second time. The documentation was rough but it existed. I could ask the previous owners questions. I had the passwords.
This time I didn't even need to write code. I handed the whole thing to Claude Code. It documented every VM's configuration in tidy Markdown. When I said I wanted to visualize it like I used to, it listed some OSS options, decided none of them quite fit, said "I'll build one," and had a web app running in about an hour. What took me weeks, fifteen years ago.
Back to the opening. AI-powered server intrusion. What I did was brute force — trying every password I could think of, one by one. AI is different. It has vulnerability knowledge, wields tools freely, and autonomously decides its next move based on what it finds. What a human used to do step by step with a checklist, it does exhaustively, orders of magnitude faster.
AI will come to server management too. Anomaly detection, root cause analysis, middle-of-the-night escalation. Efforts to automate all of it are already underway. I wish I could tell the version of me from fifteen years ago, standing helpless in front of those abandoned servers. Give it another fifteen years and AI will handle all of that work for you. The intrusion part, too.