Why the Next "SQL Slammer" Will Be Driven by AI: Brutal Lessons from the Frontlines
In January 2003, the internet didn’t just slow down; it broke. The culprit was a 376-byte ghost, a worm smaller than a typical email signature, that infected roughly 75,000 hosts in about 10 minutes. It carried no destructive payload at all: it exploited a buffer overflow in the SQL Server 2000 Resolution Service (UDP port 1434), a hole Microsoft had patched six months earlier in MS02-039, and scanned for new victims so fast that it saturated links and overwhelmed routers on its own. If the earlier Code Red worm was the digital equivalent of an AK-47, SQL Slammer was a Gatling cannon, the kind of hardware mounted on an A-10 Warthog. It didn’t just spread; it knocked out everything in its path, crippling bank ATMs, debit networks, and long-distance telephone systems.
Aaron Turner was in the room at Microsoft when it happened. He lived through the “trench warfare” of that era: the sleepless nights of Code Red, Nimda, and Slammer. Microsoft was so overwhelmed that email was useless; the team had to ship millions of physical CDs via FedEx because the network could not carry the patches. It was a time of “volunteer firefighting,” before modern security teams existed.
To Aaron, watching the current rush to deploy AI brings a horrific sense of déjà vu. We are repeating the exact architectural mistakes of the late ’90s, and the “Gatling guns” are about to get much faster.
1. From 18 Months to 15 Minutes: The AI Exploit Accelerator
Early in his career, Aaron was inspired by WarGames to test the limits of what computers could do. By 2007, he was at the Idaho National Laboratory, part of a team proving that a cyber attack could cause physical destruction. It took that team a year and a half of manual, tedious effort to decompile the software and find the exploit path that would blow up physical equipment.
Last year, he ran a “bake-off” between Claude and ChatGPT. He gave each model sample industrial control software and a potential attack path. What took a team of experts 18 months in 2007 took the AI exactly 15 minutes.
The “tedious” part of hacking, the decompiling, the vulnerability discovery, the trial and error, is now automated. Attack capability is being democratized: you no longer need a nation-state budget, just a handful of tokens, a basement, and a pizza. The shift is significant enough that it has already moved the needle at the highest levels of government; recent technology breakthroughs have even forced the Secretary of the Treasury to conduct emergency briefings on the banking system.
2. The “SQL Server Everywhere” Mistake is Happening Again
In the late ’90s, Microsoft’s strategy was “SQL Server Everywhere”: databases in gas pumps, ATMs, and cars, without a thought for how any of them would be patched. Today, AI vendors are “vibe coding” their way into the same trap, prioritizing market share over fundamental security architecture.
Look at Anthropic’s Model Context Protocol (MCP). It shipped without a built-in authentication or authorization layer, which means there is no “On Behalf Of” (OBO) token flow. Without OBO tokens, a downstream system cannot distinguish a human’s action from an AI agent’s action taken in that human’s name. If an agent accesses a sensitive PowerPoint or a banking database, the identity trail is a black hole. Later revisions of the MCP specification added an OAuth 2.1-based authorization framework for remote servers, but that establishes which client may call a server; it does not by itself carry a delegation chain recording which human the agent was acting for, so the audit gap described here remains unless the deployer builds it.
When a major insurance company recently threatened to pull a $50 million deal from Anthropic over this lack of OBO security, the response was essentially “deal with it.” As Aaron puts it:
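To make the OBO point concrete, here is an added example (not code from the article, from Anthropic, or from the MCP project) of the delegation record such a layer would carry: an RFC 8693-style token exchange in which an agent trades a human’s token for a short-lived token whose `sub` is still the human and whose `act` claim names the agent, plus a resource-side check that turns that into an audit record naming both. The HS256 signing with a shared secret, the client id `mcp-agent-42`, the audience `banking-db` and the scope names are all assumptions made up for the example; nothing here is a vendor’s API.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for the example: a secret the hypothetical token service shares
# with the resource server. Real deployments would use asymmetric keys.
SECRET = b"example-shared-secret-do-not-reuse"
RESOURCE_AUDIENCE = "banking-db"   # assumed audience name for the database


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims, secret=SECRET):
    """Minimal HS256 JWT encoder (stdlib only, so the example runs offline)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token, secret=SECRET, now=None):
    """Checks signature and expiry; returns the claims or raises ValueError."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


def issue_user_token(user, scope, now=None, ttl=3600):
    """Token a human holds after interactive sign-in: no `act` claim at all."""
    now_ts = time.time() if now is None else now
    return sign_jwt({"sub": user, "aud": RESOURCE_AUDIENCE, "scope": scope,
                     "exp": int(now_ts + ttl)})


def exchange_on_behalf_of(subject_token, agent_client_id, requested_scope,
                          now=None, ttl=300):
    """RFC 8693-style exchange: the agent presents the human's token and gets a
    short-lived token whose `sub` is still the human, whose `act` names the
    agent (nesting any earlier actors), and whose scope can only shrink."""
    user = verify_jwt(subject_token, now=now)
    granted = set(user["scope"].split())
    requested = set(requested_scope.split())
    if not requested <= granted:
        raise PermissionError("agent asked for scope the human never had")
    actor = {"sub": agent_client_id}
    if "act" in user:
        actor["act"] = user["act"]      # keep the full delegation chain
    now_ts = time.time() if now is None else now
    return sign_jwt({"sub": user["sub"], "aud": RESOURCE_AUDIENCE,
                     "scope": " ".join(sorted(requested)), "act": actor,
                     "exp": int(now_ts + ttl)})


def actor_chain(claims):
    """Flattens nested `act` claims into [outermost agent, ..., first agent]."""
    chain, act = [], claims.get("act")
    while act:
        chain.append(act["sub"])
        act = act.get("act")
    return chain


def authorize(token, resource, needed_scope, now=None):
    """Resource-server check. Returns the audit record that should be logged:
    the human principal plus every agent that acted for them. Raises otherwise."""
    claims = verify_jwt(token, now=now)
    if claims.get("aud") != RESOURCE_AUDIENCE:
        raise PermissionError("token was not issued for this resource")
    if needed_scope not in claims.get("scope", "").split():
        raise PermissionError("scope does not cover this action")
    return {"resource": resource, "principal": claims["sub"],
            "actors": actor_chain(claims), "delegated": "act" in claims}


if __name__ == "__main__":
    human = issue_user_token("alice@example.com", "files.read banking.read")
    agent = exchange_on_behalf_of(human, "mcp-agent-42", "banking.read")
    print(authorize(human, "/accounts/alice", "banking.read"))
    print(authorize(agent, "/accounts/alice", "banking.read"))
```

The check that matters is `authorize`: a direct human action yields an empty `actors` list, an agent action yields the chain of agents that touched the request, and an agent asking for scope the human never held is refused at exchange time rather than at the database. Without the `act` claim the two audit records would be identical, which is the black hole the section describes.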
“No one’s doing this right because everyone’s out there for the sake of market share... they’re releasing this stuff to go, ‘Hey, let’s conquer the world because we want people to use our platform, because that’s how we’re gonna get our next valuation.’”
3. The Death of the “Patching Game”
For decades, we lived in a world where we managed roughly four critical vulnerabilities a month. We had a window of about 21 days, the time it took attackers to reverse engineer a patch into a working exploit, in which to test and deploy that patch before the bad guys caught up. It was a fair fight.
That fight is over. We are projecting a jump to 120 critical vulnerabilities a month by the end of this year as AI-driven discovery hits its stride. Human regression testing cannot scale to that volume. Trying to patch 120 critical vulnerabilities a month using manual processes isn’t just difficult; it is high-functioning self-sabotage.
I do not want to play the patching game anymore. The only winning move is not to play. —Aaron Turner
4. The High Price of “Elaborate Acts of Self-Deception”
When the technology debt becomes unmanageable, CISOs often resort to “elaborate acts of self-deception.” Aaron has seen CISOs present beautiful, polished PowerPoint decks to boards of directors where every metric was factually untrue by an order of magnitude. They weren’t necessarily lying; they were “reverse engineering reality” to stay sane in a system that punishes honesty.
But dishonesty at the board level is a breach of fiduciary responsibility. As a former naval officer, G Mark Hardy puts it this way: “If the ship sinks, we all get wet. You can throw the messenger overboard, but I’m tied to the anchor.”
We must also remember the human cost. During the early worm outbreaks, Aaron didn’t see his family for two months during Code Red, and he missed the first six weeks of his third child’s life during Slammer. If we don’t fix the architecture now, we are signing up for a new generation of burnout and broken families.
5. The Strategic Pivot: Refactor or Be Disrupted
To survive threats moving at machine speed, we have to stop trying to protect unpatchable legacy debt and start self-disrupting. This is the roadmap Aaron recommends to boards today:
Enforce Browser Hygiene: The browser is where AI agents are operating right now. Move to a single, managed browser, Edge for Exchange environments or Chrome for Google Workspace. That is the only practical way to get the telemetry needed to monitor AI agent behavior.
Identity Over EDR: The days of Endpoint Detection and Response (EDR) as a silver bullet are numbered. We must move toward Identity Threat Detection and Response (ITDR). The “Striker” incident, in which 200,000 devices were deleted because of poor cloud hygiene, taught us that persistent privileges are a death sentence. Just-in-Time (JIT) access and Privileged Identity Management (PIM) eliminate that standing risk: a privileged role is activated only for the task at hand and expires on its own, so a stolen or agent-driven identity holds nothing permanent.
Serverless Refactoring: Use AI to “put bullets in old servers.” Aaron’s team recently helped a European utility take 200 unpatchable legacy apps and use AI to rewrite their functionality onto a serverless Power BI platform. They didn’t patch the debt; they executed it.
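As an added example of the ITDR and JIT point above (not the article’s code, and not any PIM product’s schema or API), the following check finds standing privileged access in a role-assignment export: active assignments to privileged roles with no expiry, activations whose window is longer than policy allows, and expired activations that were never cleaned up. The role names, field names, eight-hour policy and sample rows are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy values (constructed for the example, not a product default).
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator", "Owner"}
MAX_ACTIVATION = timedelta(hours=8)

# Constructed export rows. The field names are an assumption about what a
# PIM-style system exports: "eligible" means the principal must activate the
# role just-in-time; "active" means the privilege is live right now.
SAMPLE_ASSIGNMENTS = [
    {"principal": "alice@example.com", "role": "Global Administrator",
     "assignment_type": "active", "start": "2024-01-10T09:00:00Z", "end": None},
    {"principal": "bob@example.com", "role": "Global Administrator",
     "assignment_type": "eligible", "start": "2024-01-10T09:00:00Z", "end": None},
    {"principal": "carol@example.com", "role": "Owner",
     "assignment_type": "active", "start": "2024-06-01T10:00:00Z", "end": "2024-06-01T14:00:00Z"},
    {"principal": "svc-backup", "role": "Owner",
     "assignment_type": "active", "start": "2024-05-30T00:00:00Z", "end": "2024-05-30T04:00:00Z"},
    {"principal": "dave@example.com", "role": "Owner",
     "assignment_type": "active", "start": "2024-05-31T00:00:00Z", "end": "2024-06-02T00:00:00Z"},
    {"principal": "erin@example.com", "role": "Reader",
     "assignment_type": "active", "start": "2024-01-01T00:00:00Z", "end": None},
]


def parse_ts(value):
    """ISO-8601 with a trailing Z -> timezone-aware datetime; None stays None."""
    if value is None or isinstance(value, datetime):
        return value
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_standing_privilege(assignments, now, max_activation=MAX_ACTIVATION):
    """Returns one (principal, role, reason) tuple per finding.

    Eligible assignments are the desired end state and are not flagged;
    roles outside PRIVILEGED_ROLES are ignored."""
    now = parse_ts(now)
    findings = []
    for row in assignments:
        if row["role"] not in PRIVILEGED_ROLES or row["assignment_type"] != "active":
            continue
        start, end = parse_ts(row["start"]), parse_ts(row["end"])
        if end is None:
            reason = "permanent active assignment (no expiry)"
        elif end < now:
            reason = "expired activation still present; deactivation never happened"
        elif end - start > max_activation:
            reason = f"activation window {end - start} exceeds policy {max_activation}"
        else:
            continue
        findings.append((row["principal"], row["role"], reason))
    return findings


def jit_coverage(assignments):
    """Fraction of privileged-role assignments that are NOT permanently active:
    the number a board slide should show honestly (1.0 means no standing admin)."""
    privileged = [r for r in assignments if r["role"] in PRIVILEGED_ROLES]
    if not privileged:
        return 1.0
    permanent = sum(1 for r in privileged
                    if r["assignment_type"] == "active" and r["end"] is None)
    return 1.0 - permanent / len(privileged)


if __name__ == "__main__":
    now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    for principal, role, reason in audit_standing_privilege(SAMPLE_ASSIGNMENTS, now):
        print(f"{principal:20} {role:28} {reason}")
    print(f"JIT coverage: {jit_coverage(SAMPLE_ASSIGNMENTS):.0%}")
```

On the constructed rows, a permanent Global Administrator, a stale service-account activation and a 48-hour Owner activation are flagged, while the eligible assignment and the four-hour activation pass. The same three-way split (no expiry, expired but present, window too long) is what an ITDR rule over a real export would alert on.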
Conclusion: The Six-Month Warning
We likely have roughly six months before the tsunami hits. The speed at which vulnerabilities are discovered and exploited is moving from human pace to machine pace.
Your technology debt is already unmanageable at human speed. You can either choose to self-disrupt, depreciating your assets and refactoring your core architecture now, or you can wait for the AI-driven “Gatling guns” to do it for you.
The choice is yours: transform your debt today, or be disrupted by the tsunami tomorrow. If your defense is built for an AK-47, how do you expect to survive the Gatling gun?