惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
Cyberwarzone
Cyberwarzone
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler
T
Tor Project blog
N
Netflix TechBlog - Medium
C
Cybersecurity and Infrastructure Security Agency CISA
V
Vulnerabilities – Threatpost
V
Visual Studio Blog
GbyAI
GbyAI
PCI Perspectives
PCI Perspectives
D
DataBreaches.Net
Jina AI
Jina AI
H
Heimdal Security Blog
云风的 BLOG
云风的 BLOG
P
Privacy International News Feed
A
About on SuperTechFans
J
Java Code Geeks
美团技术团队
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
博客园 - 司徒正美
C
Check Point Blog
T
Threat Research - Cisco Blogs
Attack and Defense Labs
Attack and Defense Labs
宝玉的分享
宝玉的分享
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Apple Machine Learning Research
Apple Machine Learning Research
Hugging Face - Blog
Hugging Face - Blog
The Last Watchdog
The Last Watchdog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
Cisco Talos Blog
Cisco Talos Blog
W
WeLiveSecurity
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
D
Docker
博客园 - Franky
Security Archives - TechRepublic
Security Archives - TechRepublic

Comments for LinuxJedi's /dev/null

Coding an MSP430 From the Linux Command Line Upgrading the RAM Detective: A Firmware Adventure with RAMCHECK When an Amiga A570 Repair Took a Strange Turn KDE Plasma Automatic Time Zone Raspberry Pi JTAG Programming - 2025 Edition Teletext on a BBC computer in 2024 Amiga RAMesses UART and Ethernet on the STM32 Nucleo-F756ZG Trying Out Even More Amiga 500 Plus Upgrades Programming Xilinx JTAG from a Raspberry Pi
AI Didn’t Destroy Your Company, Your Processes Did
LinuxJedi · 2026-03-08 · via Comments for LinuxJedi's /dev/null

Some things happening in this industry are making me feel old lately. Problems we hit and solved decades ago are being hit again today. People are discovering the same solutions, just giving them new buzzwords. But today I want to talk about a different trend, and it comes down making old mistakes and blaming the wrong things.

If you were able to see into the black box of many enterprise systems, you would be shocked to find how much duct tape is holding things together. It often doesn’t take a lot to make things crumble. This is often down to time pressures to get things out of the door and not having the time to solve the hard legacy issues they might have.

I’ve seen several headlines recently in which people are blaming AI for wiping weeks of work or pretty much destroying a company by accidentally wiping the database. It makes for good reading to have an AI villainised in this way, especially whilst there are ethical debates going on about the usage of AI. But it seems to me that the point is being missed. Bad processes were followed and that is what led to the problems.

Backups

Many years ago, one of my first bosses told me about how they picked an offsite tape backup vendor. They went to the company’s site, asked to see a list of customers and said “ok, can you find the tape for this customer from 2 weeks ago?”. Surprisingly, not many could actually do it. This led to a mantra I’ve been telling people I’ve trained ever since: “you do not have a backup until it has actually been restore tested”.

In systems I developed for HP and other companies in the past, as part of the automated backup we would spin up a new server, restore the backup and run integrity tests on it. If the restore part failed, the entire backup job was marked as failed and someone was notified. We could be sure that our backups could be relied upon when something failed.

In addition we used to do something similar to what is now known as the “3-2-1 backup rule”:

  • 3 copies of the data
  • 2 different types of media
  • 1 copy offsite

I actually used to go a lot further than this, but this is the absolute minimum of what I would call actually having a backup. Live replicas, delayed replicas, and run-books are usually essential for starters. Backups that can be deleted with one command and no failsafes are not backups. They need to be immutable.

Why am I mentioning this? If you have good backups, and for some reason your AI usage managed to destroy prod, you may have some small downtime, but you can recover.

Good systems are designed to limit blast radius. If one command, one engineer, or one AI tool can wipe everything instantly, the system was fragile long before AI entered the picture.

The AI blame

Now, it is very possible that an AI can make a mistake which destroys production, if you give it access to do that. It is also possible for an employee to make a mistake which destroys production, if you give them access to do that. There is a large ISP in the UK called PlusNet, they are now owned by BT. Many years ago, an engineer there was migrating the email systems from one RAID array to another. He had two terminals open, one for the old system and one for the new one. He ran the RAID prepare command and realised too late that it was in the wrong terminal. All customer email was lost (a very small percentage was recovered later by data recovery specialists).

My point is that accidents happen, whether by human or machine. Entire data centre rooms have burnt down before. Disgruntled employees have gone rogue and done damage. This is all without a malicious external bad actor coming in and running a ransomware attack or similar.

AI is getting the blame here because it was the first thing that caused your house of cards to crumble, but it probably would have happened at some point anyway. The trigger being AI is what makes the headlines though.

Other preventions

Having a staging area is vital for live production solutions. Deploy there first, test it out and only then can you consider going to production. Even then, if possible, A-B testing rollouts are a good idea, with human change-approval gates. If you followed the backup method I mentioned earlier, it becomes really easy to create a staging setup that uses a clone of the live data.

The other preventative measure I should mention is confining what the AI can do and where it can work. By default, most CLI based AI tools do a good job of jailing commands that are run, asking for approval. It is possible to go further and contain it within a container or VM. There is a Russian proverb “doveryay, no proveryay” which means “trust, but verify”. To some extent, you want to trust what an AI is doing, but you should verify it is actually doing what you want. The same is likely true of a junior engineer you just hired on their first day.

Whilst not really a preventative safeguard, good logging and monitoring are important. If something goes wrong, there should be an audit trail and someone should be alerted.

I also highly recommend implementing post-mortems. Not just for when things go wrong, but also for long manual processes. These are not to attribute blame when something goes wrong, but to find where processes can be improved and learn from any mistakes made. This helps you build resilience against future issues that might arise. At previous organisations I implemented this for complex release cycles, which helped us iteratively optimise the release process over time.

Final thoughts

Like it or not, AI is here, and there is one thing you should definitely be using it for… security testing. If you don’t use it for testing the security of your application or hosted solution, you can bet that some bad actor is. That bad actor will likely not responsibly disclose what they find. I’m writing this in March 2026, and recent models have gotten smart enough to become surprisingly good at finding security holes. The next generation will be around before the end of the year and I can only imagine what they would be capable of.

AI is just a new form of automation. We’ve been automating systems for decades, and automation has always been capable of destroying production if poorly controlled.

This especially goes out to C-suite and VP / DoE level people: Please, take a look at your internal processes, protect what is important, and use AI for good.

If AI was able to destroy your production environment, it wasn’t the root cause. It was simply the first thing to expose the weakness.

Full disclosure: AI was used to help correct spelling and grammar mistakes and generate the post’s featured image.