This started as a simple experiment: can you point an AI at a Linux system, have it collect forensic data, and get something more useful than a wall of text back?
The answer, it turns out, is yes — but not in the way I originally thought, and not without a lot of iteration to get there.
How It Started
The initial idea was straightforward. Run a bunch of forensic commands — process lists, open sockets, SUID binaries, kernel modules, log anomalies, the usual — pipe the output to Claude, and get a triage report back. Simple agentic loop. Collect, analyse, report.
And that bit worked fine. Claude is actually pretty good at reading ps auxf output and spotting things that look wrong. Better than I expected, honestly.
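To make the collect, analyse, report loop concrete, here is a small pipeline added for illustration (my own sketch, not the tool the post describes). The command set, the list of suspect directories, and the sample ps auxf output are all assumptions or constructed; the point is that the collector bounds its output and does a deterministic first pass before anything reaches the model.

```python
# Added example: collect -> deterministic pre-triage -> bounded prompt. Not the post's own tool.
import json
import subprocess
from typing import Dict, List

# Assumed collector set; the post names these categories but not exact commands.
COLLECTORS: Dict[str, str] = {
    "processes": "ps auxf",
    "sockets": "ss -tulpn",
    "suid": "find / -xdev -perm -4000 -type f 2>/dev/null",
    "modules": "lsmod",
}
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")  # assumed list of world-writable locations

# Constructed sample of `ps auxf` output used to exercise the pre-triage step offline.
SAMPLE_PS = """USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.1 169000 11000 ?        Ss   10:00   0:01 /sbin/init
root         812  0.0  0.0  15000  7000 ?        Ss   10:00   0:00 /usr/sbin/sshd -D
www-data    2201  0.0  0.2  40000 20000 ?        S    10:05   0:00  \\_ /tmp/.x/httpd
nobody      2310  0.3  0.1  10000  6000 ?        S    10:06   0:02 /dev/shm/kworker (deleted)
"""

def collect(commands: Dict[str, str], timeout: int = 30) -> Dict[str, str]:
    """Run each collector; a hung or missing command is recorded, not fatal."""
    out = {}
    for name, cmd in commands.items():
        try:
            r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
            out[name] = r.stdout
        except (subprocess.TimeoutExpired, OSError) as e:
            out[name] = f"<collector failed: {e.__class__.__name__}>"
    return out

def flag_processes(ps_output: str) -> List[dict]:
    """Deterministic pre-triage of `ps auxf`: flag obvious hits before the model sees the dump."""
    findings = []
    for line in ps_output.splitlines()[1:]:            # first line is the header
        parts = line.split(None, 10)                    # COMMAND is the 11th field
        if len(parts) < 11:
            continue
        user, pid, cmd = parts[0], parts[1], parts[10].lstrip(" \\_|")  # strip ps tree art
        reasons = []
        if cmd.split()[0].startswith(SUSPECT_DIRS):
            reasons.append("binary in world-writable dir")
        if "(deleted)" in cmd:
            reasons.append("binary deleted from disk")
        if reasons:
            findings.append({"pid": int(pid), "user": user, "cmd": cmd, "reasons": reasons})
    return findings

def build_prompt(bundle: Dict[str, str], findings: List[dict], max_chars: int = 4000) -> str:
    """Bound each raw section so the analysis step gets a fixed-size context, findings first."""
    sections = [f"## pre-triage findings\n{json.dumps(findings, indent=1)}"]
    for name, text in bundle.items():
        body = text if len(text) <= max_chars else text[:max_chars] + f"\n<truncated {len(text) - max_chars} chars>"
        sections.append(f"## {name}\n{body}")
    return "Triage this Linux host. Report suspicious items with evidence.\n\n" + "\n\n".join(sections)

if __name__ == "__main__":  # live run; swap collect(COLLECTORS) for {"processes": SAMPLE_PS} to dry-run
    bundle = collect(COLLECTORS)
    print(build_prompt(bundle, flag_processes(bundle["processes"])))
```

The prompt string is what would be handed to the model; the truncation marker tells it (and you) when a section was cut rather than silently dropping evidence.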