First 5 Minutes of Server Security for AI Workloads

Mar 10, 2026

Cowrie

Dev @ Bswen

My AI agent got compromised last week. It wasn’t a sophisticated attack - someone brute-forced the default SSH password and gained access to the server running my autonomous bot. The worst part? It took them less than 10 minutes.

I had skipped the basics. I was so focused on securing the AI model itself - rate limits, input validation, output filtering - that I forgot about the server underneath. Classic mistake.

Here’s the 5-minute security checklist I now run on every server before deploying any AI workload.

Minute 1: SSH Hardening

The first thing I do is lock down SSH. This is your primary attack surface.

ssh-hardening.sh

# Disable root login
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

# Disable password authentication
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

# Change default port (pick something random)
sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config

# Restart SSH
sudo systemctl restart sshd

But wait - I learned this the hard way. Before you disable password auth, make sure your SSH keys are actually working. Test in a separate terminal:

test-ssh-key.sh

# Test your key BEFORE closing the session
ssh -p 2222 your-user@your-server

For AI workloads, I also add a specific user for the agent:

create-ai-user.sh

# Create a dedicated user for your AI agent
sudo useradd -m -s /bin/bash ai-agent

# Set up SSH keys for this user
sudo mkdir -p /home/ai-agent/.ssh
sudo cp ~/.ssh/authorized_keys /home/ai-agent/.ssh/
sudo chown -R ai-agent:ai-agent /home/ai-agent/.ssh
sudo chmod 700 /home/ai-agent/.ssh
sudo chmod 600 /home/ai-agent/.ssh/authorized_keys

Why a separate user? If your AI agent gets compromised through application-level vulnerabilities, the attacker is limited to ai-agent permissions, not your personal user or root.

Minute 2: Fail2Ban Setup

Brute force attacks are automated. Your defense should be too.

install-fail2ban.sh

# Install fail2ban
sudo apt update && sudo apt install -y fail2ban

# Create local configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

I configure it aggressively for SSH on the custom port:

/etc/fail2ban/jail.d/ssh-hardened.local

[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 600
bantime = 3600

This bans IPs for an hour after 3 failed attempts within 10 minutes. Adjust based on your threat model.

For AI workloads, I also add protection for common attack patterns:

/etc/fail2ban/jail.d/ai-protections.local

[nginx-limit-req]
enabled = true
filter = nginx-limit-req
port = http,https
logpath = /var/log/nginx/*error.log
maxretry = 5
findtime = 60
bantime = 600

# Protect API endpoints
[nginx-botsearch]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 2
bantime = 86400

Why this matters for AI: Your AI agent might have API endpoints that trigger expensive operations. Rate limiting + fail2ban prevents abuse.

Minute 3: Firewall Configuration

I use ufw because it’s simple and I can set it up in under a minute.

firewall-setup.sh

# Reset to defaults
sudo ufw --force reset

# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH on custom port
sudo ufw allow 2222/tcp comment 'SSH'

# Allow HTTP/HTTPS
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'

# Enable firewall
sudo ufw --force enable

For AI workloads with specific ports:

ai-firewall-rules.sh

# If your AI agent uses a specific API port
sudo ufw allow 8000/tcp comment 'AI API'

# Or restrict to specific IPs
sudo ufw allow from 10.0.0.0/8 to any port 8000 proto tcp comment 'Internal AI API'

The key principle: default deny, explicitly allow what you need.

Minute 4: Service Accounts and Permissions

This is where AI security diverges from traditional server security. AI agents are autonomous - they need strict permission boundaries.

I create a dedicated service account:

ai-service-account.sh

# Create service account with minimal permissions
sudo useradd -r -s /bin/false ai-service

# Create directories with appropriate ownership
sudo mkdir -p /opt/ai-agent
sudo chown ai-service:ai-service /opt/ai-agent
sudo chmod 750 /opt/ai-agent

# Create data directory
sudo mkdir -p /var/lib/ai-agent
sudo chown ai-service:ai-service /var/lib/ai-agent
sudo chmod 750 /var/lib/ai-agent

Then I use systemd to run the AI agent with restricted permissions:

/etc/systemd/system/ai-agent.service

[Unit]
Description=AI Agent Service
After=network.target

[Service]
Type=simple
User=ai-service
Group=ai-service
WorkingDirectory=/opt/ai-agent
ExecStart=/opt/ai-agent/bin/agent
Restart=on-failure
RestartSec=10

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/ai-agent /var/log/ai-agent
ReadOnlyPaths=/opt/ai-agent

[Install]
WantedBy=multi-user.target

I made a mistake initially - I gave the AI service account sudo access because “it might need it.” That’s how my first agent got compromised. Now I follow the principle of least privilege religiously.

If the AI agent needs to perform privileged operations, I create a separate helper service or use sudo with specific command whitelisting:

sudo-whitelist.sh

# Allow ai-service to restart itself only
echo "ai-service ALL=(ALL) NOPASSWD: /bin/systemctl restart ai-agent" | sudo tee /etc/sudoers.d/ai-service
sudo chmod 440 /etc/sudoers.d/ai-service

Minute 5: Monitoring and Logging

The final minute goes to setting up basic monitoring so I can detect attacks.

basic-monitoring.sh

# Install and configure rsyslog if not present
sudo apt install -y rsyslog

# Create log directory for AI agent
sudo mkdir -p /var/log/ai-agent
sudo chown ai-service:ai-service /var/log/ai-agent

# Configure log rotation
sudo tee /etc/logrotate.d/ai-agent <<EOF
/var/log/ai-agent/*.log {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 ai-service ai-service
}
EOF

I also add simple intrusion detection:

install-aide.sh

# Install AIDE for file integrity monitoring
sudo apt install -y aide

# Initialize the database
sudo aide --init
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

# Set up daily checks
echo "0 6 * * * root /usr/bin/aide --check" | sudo tee /etc/cron.d/aide

For AI-specific monitoring, I track:

Monitoring points

Monitoring Points for AI Workloads:
├── API call frequency (rate limiting)
├── Authentication failures
├── Unusual file access patterns
├── Network connections from AI processes
├── CPU/memory spikes from agent processes
└── File modifications in /opt/ai-agent

I use a simple script to check these:

ai-health-check.sh

#!/bin/bash
# Check for suspicious activity

# 1. Failed login attempts
echo "=== Failed SSH Logins ==="
sudo grep "Failed password" /var/log/auth.log | tail -5

# 2. Banned IPs
echo -e "\n=== Banned IPs (fail2ban) ==="
sudo fail2ban-client status sshd

# 3. AI agent process status
echo -e "\n=== AI Agent Status ==="
systemctl status ai-agent --no-pager

# 4. Recent AI agent logs
echo -e "\n=== Recent AI Logs ==="
sudo journalctl -u ai-agent --no-pager -n 20

# 5. Network connections
echo -e "\n=== Active Connections to AI API ==="
sudo netstat -tunlp | grep 8000

Beyond the First 5 Minutes

These 5 minutes give you a solid baseline. But for production AI workloads, I also:

1. Use containerization - Run AI agents in Docker with resource limits and network isolation
2. Enable audit logging - Track every action the AI agent takes
3. Set up automated updates - Security patches should be automatic for critical vulnerabilities
4. Implement network segmentation - AI agents shouldn’t have direct internet access
5. Create incident response playbooks - Know what to do when (not if) something goes wrong

The Reddit thread that prompted this post showed someone running an AI agent with root privileges, default SSH configuration, and no firewall. They had API keys hardcoded in the agent’s code. That’s a multi-layer failure - but each layer could have been prevented with these basic measures.

Why This Matters for AI Workloads

Traditional security advice often assumes human operators. AI agents are different:

• They run 24/7 - No coffee breaks, no sleep, constant attack surface
• They make autonomous decisions - A compromised agent can cause damage before you wake up
• They have API keys and credentials - High-value targets
• They interact with external services - Each interaction is a potential vulnerability vector

The 5-minute checklist addresses these realities while maintaining operational simplicity. It’s not about perfect security - it’s about raising the bar high enough that automated attacks move on to easier targets.

I’ve automated this entire setup into a script I run immediately after provisioning any new server. The script takes 5 minutes and saves hours of incident response later.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

• 👨‍💻 My First Five Minutes on a Server
• 👨‍💻 Fail2ban Wiki
• 👨‍💻 Reddit Discussion: Server Security

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags:

• security
• ai
• backend
• ai-agents
• automation

How to Detect and Prevent Prompt Injection in AI Agent Skills

How to Set Up Tailscale VPN for OpenClaw Security