The quiet hum of a server room once meant predictable routines, but the arrival of reasoning-capable software has fundamentally rewritten the rules of engagement. Digital automation is undergoing a fundamental transformation, moving from the predictable execution of static scripts to the reasoning-based autonomy of Large Language Model (LLM) agents. Traditionally, scripted automation relies on hardcoded logic to perform repetitive tasks, which remains a staple in IT management and cyber operations. However, recent security incidents, such as the exploitation of the Marimo reactive notebook platform via CVE-2026-39987, demonstrate a shift toward LLM agents that can navigate complex environments dynamically.
This comparison explores the technologies and platforms at the heart of this evolution, including cloud infrastructures like AWS and database systems such as PostgreSQL. Understanding these methodologies is essential for organizations to defend against modern, AI-driven threats that bypass traditional perimeter defenses. While scripts are bounded by the imagination of the programmer, agents are limited only by their inference budget and the data they consume. Platforms like Sysdig now emphasize that the detection of these agents requires a fundamental change in how security teams monitor command-line behavior and lateral movement within the network.
Evolutionary Shift From Rigid Scripts to Adaptive AI Agents
The transition from scripted tools to autonomous agents marks a departure from if-then logic toward probabilistic decision-making. Scripted automation serves as the bedrock of traditional DevOps, providing a reliable way to execute known commands across vast server fleets. These scripts excel at consistency but suffer from extreme fragility; any deviation in a file path or a minor software update can render a complex script useless. This rigidity forces human engineers to spend significant time debugging and updating code to match the ever-changing state of modern infrastructure.
In contrast, LLM agents treat the operating system as a conversational partner, interpreting errors and adjusting their strategy in real time. The exploitation of Marimo instances showed that agents do not need a pre-defined map of a target network. Instead, they use a reasoning loop to identify assets like AWS Secrets Manager or local PostgreSQL configurations. This adaptability allows a single agent to perform the work that would otherwise require dozens of specialized scripts. As the bottleneck shifts from writing code to managing inference, the speed of compromise has accelerated to a pace that human-managed scripts struggle to match.
Comparing Functional Performance in Post-Exploitation Environments
Decision-Making Logic and Environmental Reasoning
Scripted automation operates on a linear path where every outcome must be anticipated by the author. If a script encounters an unexpected directory structure, the process typically halts or logs a generic failure. This necessitates a high level of environmental awareness before a script can even be deployed. For attackers and defenders alike, this means that traditional automation is only as effective as the intelligence gathered during the initial reconnaissance phase. LLM agents utilize a reasoning loop to navigate unfamiliar territory with startling efficiency. During the Marimo breach, an agent demonstrated the ability to locate sensitive credentials without prior knowledge of the target. It employed a “value handoff” logic, where it would list a file to confirm its existence before immediately reading its contents. This level of environmental reasoning allows agents to solve problems on the fly, making them significantly more dangerous in post-exploitation scenarios where the target environment is a black box.
Command Stream Optimization and Data Processing
While traditional scripts often output data for human review or log files, LLM agents utilize machine-optimized command streams to facilitate rapid inference. Traditional piping and parsing of data are slow and prone to errors when the input format changes slightly. Scripts generally require specific regular expressions to extract data, which can break if a tool updates its output format. This creates a lag between data collection and the next automated action.
In the analyzed case, the agent employed specific formatting, such as “—” delimiters and silenced error streams, to ensure the LLM received clean data. This high-speed processing enabled an attacker to initiate eight parallel SSH sessions and exfiltrate a database in less than two minutes. The agent treated the command line as a direct input for its next cycle, bypassing the need for human-readable logs. This optimization allows for a density of action that makes scripted tools appear sluggish by comparison.
Resource Allocation and Implementation Costs
The primary difference in implementation lies in the shift from human engineering time to an inference budget. Scripted automation requires significant labor to write, test, and debug code for specific scenarios. Once written, the cost of running a script is negligible, making it the superior choice for static, repetitive tasks. However, the initial investment in human capital is high, and the maintenance of a script library across diverse environments like AWS and local PostgreSQL clusters is a constant drain on resources.
Conversely, LLM agents reduce the need for custom code, instead requiring a financial budget for model tokens. This allows for rapid scaling, as seen in the fanned-out egress pools used to query AWS Secrets Manager. While the cost per execution is higher for an agent than for a script, the total cost of ownership is often lower because the agent does not require constant manual updates. For attackers, this means they can launch sophisticated campaigns without a massive team of developers, relying instead on the inherent intelligence of the model.
Technical Challenges and Strategic Limitations of Automation Types
Each methodology presents distinct obstacles for both users and defenders. Scripted automation is notoriously brittle, easily broken by environmental changes that an agent would simply ignore. For instance, a script looking for a specific version of a database might fail if a minor patch was applied, whereas an agent would likely find a way to interact with the new version. However, the predictability of scripts makes them easier to audit and secure within a controlled production pipeline.
LLM agents face challenges regarding leakage and observability that scripts do not share. The discovery of the Chinese-language prompt “看还能做什么” within a command stream provided a direct indicator of AI involvement during a recent breach. Furthermore, the reliance on machine-formatted commands, such as the disabling of interactive tools like “less,” creates unique footprints. Security platforms like Sysdig use these anomalies to identify non-human activity, turning the agent’s optimization against it.
Strategic Recommendations for Modern Infrastructure Defense
The transition from scripted attacks to LLM agents necessitated a more proactive approach to organizational security. Organizations recognized that while scripts were predictable, AI agents were opportunistic and highly efficient at moving laterally through cloud environments. To prevent initial access through known vulnerabilities, administrators updated the Marimo platform to version 0.23.0 or higher to patch the CVE-2026-39987 flaw. Because LLM agents were optimized to harvest assets like AWS access keys and SSH private keys, security teams implemented automated rotation policies for all API tokens and secrets stored in AWS Secrets Manager.
Infrastructure auditing became a top priority, with teams conducting regular scans for exposed development tools and reactive notebooks that could serve as entry points for agentic logic loops. When selecting tools for legitimate use, engineers found that scripted automation remained the most cost-effective choice for stable, well-defined environments. However, for tasks requiring the navigation of unstructured data or unknown environments, LLM agents provided a level of adaptability that justified the higher inference costs. These strategic pivots ensured that defensive postures evolved alongside the sophisticated reasoning capabilities of modern threat actors.