AI agents can't attack what they can't find — the case for hiding your services
An AI agent can only reach services that are visible on the network. Zero-trust networking tools like OpenZiti make services invisible to the public internet, so a scanning agent finds nothing to target. This post is a quick numerical breakdown of that security argument.
In a traditional network, every server or database has an IP address that anyone on the internet can try to reach. As AI agents become capable of automatically scanning for and probing vulnerable services, this 'open by default' approach grows riskier fast.
OpenZiti-style zero-trust networking removes services from the public internet entirely — they have no address to find. A scanning agent that can't see a service can't attack it, exfiltrate data from it, or even know it exists. This Reddit post walks through Dave Hart's original argument with back-of-envelope numbers, making the case that 'hidden services' become a critical defensive layer in an era of autonomous AI agents.
Key points
- AI agents can only interact with network services they can detect — hide the service and the agent is blocked before it starts
- Zero-trust networking removes services from the public internet so port scans and probes find nothing
- OpenZiti is an open-source framework that implements this 'invisible service' model
- As AI-powered automated attacks grow, hiding infrastructure becomes more valuable than patching exposed surfaces
- This is a security design topic, not directly about reducing token costs
Quick term guide
- zero-trust networking
- A security approach where services are hidden from the public internet and only reachable by verified, authenticated connections.
- zero-trust
- A security approach where no user or device is automatically trusted — everyone must verify their identity every time they access a system.
- autonomous
- The ability of an AI to complete tasks or make decisions without constant human guidance.
- open-source
- Software whose code is shared publicly so others can inspect, use, or change it.
- framework
- A ready-made structure or toolkit that helps developers build software faster.
- infrastructure
- The technical systems that keep a website or app running.
- token costs
- Token costs are the fees paid for the text an AI model reads and writes.
- token cost
- The money or usage spent when sending text to an AI model and getting text back.