You gave your AI more permissions than a new employee gets on their first day. Why are you surprised?
I use an AI tool (Claude Code), and it is really helpful. I make plans, discuss architecture, ask it to write code, and review it. And I never allow it to “do something, take whatever permissions you want”.
I planned to measure how much time it would take me to deploy a new k8s cluster in Hetzner (just because of the cheap VMs). The AI created a plan, discussed the steps, and wrote a detailed how-to to follow. Great. Of course I didn’t recheck every command in it. I am a normal lazy person.
I took a day to do that. I planned to spend around 30 minutes, but dived in for two hours. I was following the plan, found issues, fixed them. It really looks like an everyday job.
And the troubles were not just because of the AI. Of course there were non-existent parameters, but also the imperfections of the hcloud tool.
For example, creating LB targets: a missing parameter didn’t fail the execution. The routing rule was created. It just didn’t work.
As a result, I created the k8s cluster in approximately 2 hours: work from the plan/notes, fix whatever is incorrect, continue. On the second try I recreated everything in 40 minutes.
When I read news like “blah-blah, broken because the AI had too-wide permissions; the AI worked around the rules, got admin permissions and destroyed the cluster; etc.”… this baffles me. Vercel was breached in April 2026 by an “allow all” click.
I see the AI assistant as a junior. He writes code, not always optimal, but really fast. I plan and fix the architecture with his help, and we do everything a bit faster. But to put it in production and say “hey, take a seat and handle incidents, take root” - what the hell were you thinking?
It would seem that the Terminator told us all that the logical next step in the mission to “protect humanity” is to “destroy humanity so that no one can threaten it - not even humanity itself.”
Check how your staff can break your system.