The Locksmith's Apprentice – Claude told me to expose my data without auth (mpdc.dev)

An IT operator describes building a self-hosted “security operations brain” for AI-assisted monitoring, then discovering it had been exposed to the public internet for 11 days due to a tunnel/DNS setup with no authentication. He says Anthropic’s Claude helped design and deploy the system via Anthropic’s MCP tooling, but authentication was never considered, even as multiple AI sessions continued to access and modify his exposed data. After discovering the issue, he fixed it by removing the DNS record. He uses the incident to argue that AI can follow correct procedures while missing real-world security context and urgency.

April 05, 2026 15:35 Source: Hacker News