I Built an Agentic Linux Security Tool. It Took Way More Iterations Than I Expected.

This started as a simple experiment: can you point an AI at a Linux system, have it collect forensic data, and get something useful than a wall of text back? The answer, it turns out, is yes - but not in the way I originally thought, and not without a lot of iteration to get there. How It Started The initial idea was straightforward. Run a bunch of forensic commands - process lists, open sockets, SUID binaries, kernel modules, log anomalies, the usual - pipe the output to Claude, and get a triage report back. Simple agentic loop. Collect, analyse, report. And that bit worked fine.