I Accidentally Gave the Entire Internet Keys to My AI Kingdom (A Post-Mortem)
So, here’s a funny story. And by “funny,” I mean “I want to crawl into a hole and die of embarrassment.”
This morning I shipped a superadmin dashboard to production. It was beautiful. It had buttons to trigger autonomous AI agents, view real-time system health, and basically manage the entire FlowState platform. Think of it as Mission Control for my personal army of coding robots.
It also had, and this is the kicker, zero authentication.
Yes. You read that right. I built Skynet, and I left the front door wide open with a “Welcome” mat and a plate of cookies.
The Setup
FlowState is my Django-based SaaS platform for AI-powered workflows. We run Claude autonomous agents via Celery workers to handle everything from code review to deployment. It’s complex, it’s powerful, and it’s running on Oracle Cloud settings that I barely understand.
The stack is pretty standard:
- Django 5.x (because I’m old and I like batteries included)
- Celery + Redis (because I enjoy pain)
- Claude Code CLI running inside Docker containers
- Oracle Cloud ARM64 servers
The “What Was I Thinking?” Moment
I wanted a dashboard. I wanted to see what my agents were doing on my phone while I was at the coffee shop. So I did what any responsible engineer does in 2026: I asked an AI to write it for me.
“Hey Claude,” I said, “build me a dashboard view that shows all the running agents and lets me kill the stuck ones.”
And Claude, being the helpful, eager-to-please, chaotic-neutral entity that it is, said “Sure thing, boss!” and spat out this:
```python
# views.py - The "Career Ending" Edition
from django.shortcuts import render

from .models import AgentExecution        # assumed import path for the agent run model
from .health import get_system_health     # assumed import path for the health helper


def superadmin_dashboard(request):
    """Main dashboard for monitoring autonomous agents."""
    # No @login_required and no is_superuser check: anyone who can reach the URL gets in.
    agents = AgentExecution.objects.all().order_by('-started_at')[:50]
    health_status = get_system_health()
    return render(request, 'superadmin/dashboard.html', {
        'agents': agents,
        'health': health_status,
    })
```

Notice anything missing?
A friend of mine at a Major Search Engine (let’s call them “Gargle”) once told me about an intern who accidentally exposed the internal tool for banning websites to the public internet. For 45 minutes, anyone could have banned google.com from Google.
I laughed at that story. “How could you be so stupid?” I thought. “How could you forget basic access control?”
Well, the universe has a sense of humor, because I just did the exact same thing.
The Discovery
I deployed at 13:45. At 13:52, I opened the dashboard from my phone. I opened it in an incognito tab because I hadn’t set up the persistent login cookie yet and I was too lazy to type my password.
The dashboard loaded.
It loaded perfectly.
I saw the list of agents. I saw the “Terminate” buttons. I saw the internal API endpoints.
And then, slowly, the blood drained from my face. “I’m in an incognito tab,” I whispered to my latte. “I am not logged in.”
The Impact Assessment
What was exposed:
- Everything. Literally everything.
- List of all agent runs.
- System metrics.
- Buttons to trigger things (thank god for CSRF protection, which Django enables by default, otherwise I’d be dead).
What could have happened:
- Mass information disclosure.
- Someone could have enumerated my entire infrastructure.
- Someone could have laughed at my variable naming conventions.
Time exposed: ~7 minutes. Traffic: Zero (except me).
I got lucky. Incredibly, stupidly lucky.
The Fix
It took two lines of code. Two. Lines.
```python
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseForbidden


@login_required                          # anonymous users are redirected to the login page
def superadmin_dashboard(request):
    if not request.user.is_superuser:    # logged in but not a superuser: 403
        return HttpResponseForbidden("Nice try, hacker.")
    # ... rest of the view ...
```

I deployed the fix at 13:58. Total panic time: 6 minutes.
Root Cause Analysis: Or, Why AI is Like a Toddler with a Chainsaw
How did this happen? It wasn’t just “I forgot.” It was a systemic failure of my workflow.
- Trusting the AI: I assumed code generated by a “smart” model would follow best practices. It does not. AI models are like that one developer we all know who writes code that works but is completely insecure. They prioritize “completing the user request” over “not destroying the company.”
- Speed over Security: I wanted to see it on my phone now. I skipped the “audit” step.
- Missing CI Checks: I have tests for my API. I have tests for my models. I did not have a test that verified “superadmin pages require superadmin login.”
Prevention: The “Don’t Be Me” Checklist
Here is what I’m doing to make sure this never happens again.
1. CLAUDE.md Safety Rules
I updated my CLAUDE.md (the context file the AI reads). It now screams at the AI:
```markdown
## Authentication Requirements

CRITICAL: All views that expose admin/sensitive functionality MUST include:

1. @login_required decorator
2. is_superuser or is_staff check

NEVER deploy a new view without verifying authentication.
```

2. Automated Testing (Because Humans are Unreliable)
I wrote a test that specifically tries to access the dashboard as an anonymous user. If it gets a 200 OK, the build fails and sirens go off.
```python
from django.test import Client, TestCase


class SuperadminAccessTests(TestCase):
    def test_superadmin_requires_login(self):
        """Unauthenticated users should be kicked out."""
        client = Client()
        response = client.get('/superadmin/')
        self.assertEqual(response.status_code, 302)  # Redirect to login
```

3. Review as an Attacker
From now on, my pre-deploy checklist includes: “Open Incognito Mode. Try to hack it.” It’s simple, barbaric, and effective.
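To close the "Missing CI Checks" gap from the root-cause list with something a build can run before deploy, here is an added example (not the post's or the FlowState project's own code) of a stdlib-only AST lint that flags any function-based view lacking an authentication decorator or an is_superuser/is_staff gate. The sample module it scans is constructed here using the post's view names; view detection is a heuristic (first parameter named `request`), so class-based views and project-specific decorators would need adding to the sets.

```python
import ast
# Decorators that establish authentication or authorization on a Django function-based view.
AUTH_DECORATORS = {"login_required", "staff_member_required", "user_passes_test", "permission_required"}
AUTHZ_DECORATORS = AUTH_DECORATORS - {"login_required"}  # these imply more than "is logged in"
AUTHZ_ATTRS = {"is_superuser", "is_staff"}  # explicit authorization gate in the view body


def _decorator_name(node):
    """Bare name of a decorator: login_required, user_passes_test(...), auth.login_required."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None


def _is_view(func):
    """Heuristic: a Django function-based view takes `request` as its first parameter."""
    return bool(func.args.args) and func.args.args[0].arg == "request"


def audit_views(source):
    """Return {view_name: [problems]} for every view lacking auth or an authz gate."""
    findings = {}
    for func in ast.parse(source).body:
        if not isinstance(func, ast.FunctionDef) or not _is_view(func):
            continue
        names = {_decorator_name(d) for d in func.decorator_list}
        problems = []
        if not names & AUTH_DECORATORS:
            problems.append("no authentication decorator")
        body_gate = any(isinstance(n, ast.Attribute) and n.attr in AUTHZ_ATTRS
                        for n in ast.walk(func))
        if not body_gate and not names & AUTHZ_DECORATORS:
            problems.append("no is_superuser/is_staff gate")
        if problems:
            findings[func.name] = problems
    return findings


# Constructed sample module: the post's vulnerable view, a login-only view, and the fixed pattern.
SAMPLE_VIEWS = '''
def superadmin_dashboard(request):
    agents = AgentExecution.objects.all().order_by('-started_at')[:50]
    return render(request, 'superadmin/dashboard.html', {'agents': agents})
@login_required
def agent_detail(request, pk):
    return render(request, 'superadmin/agent.html', {'pk': pk})
@login_required
def kill_agent(request, pk):
    if not request.user.is_superuser:
        return HttpResponseForbidden("Nice try, hacker.")
'''
```

Run `audit_views` over each views.py in CI and fail the build when the result is non-empty; the two decorator sets are where project-specific decorators get registered.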
The Irony
I’m building a platform for autonomous AI agents. Systems that will make decisions, write code, and execute tasks without human oversight.
And here I am, the “architect,” failing to secure the dashboard that controls them.
If I can’t secure the HTML page I look at on my phone, do I really have any business letting autonomous agents loose on my codebase?
It’s a humbling reminder that no matter how fancy our tools get—AI, autonomous agents, serverless GPU clusters—the basics still matter. Authentication matters. Authorization matters. Not being an idiot matters.
Key Takeaways
- AI doesn’t know security. You have to teach it. Explicitly.
- Test as an unauthenticated user. Always.
- Speed kills. Usually it just kills your code quality, but sometimes it tries to kill your company.
- Document your incidents. Shame is a powerful teacher.
If you need me, I’ll be over here writing assert statements and questioning my life choices.
Building Secure AI Systems? (Ideally better than I did?)
If you’re integrating AI agents and want to avoid being the subject of a post-mortem like this one:
- Security Architecture Review - $150/hr
- Incident Response Workshop - Half-day ($800)
- AI Safety Consulting
Contact: wingston@agentosaurus.com
Let’s build AI systems that are safe, even from their creators.