The End of Handwritten Network Configs & the Rise of the Agent Manager

Chris Brandt • 0:01:01
Yeah. Writing configs is a solved problem now. You’re doing it wrong. Right. If you are writing it by hand, you’re just introducing human problems into it. Exactly, Chris. Exactly.

Chris Brandt • 0:01:11
We’ve moved past that. Today, I’m sitting down with John Capobianco, head of artificial intelligence and developer relations at Itential. John’s journey is wild — from working 12-hour shifts in an aluminum factory to becoming one of the leading voices in network automation and AI. Why I think this is different again: it’s the natural language interface, and that we don’t have to say to those network engineers, now you have to learn Python or domain-specific language, API calls, Postman, Git, on and on and on.

Chris Brandt • 0:01:17
In our previous introduction call here and getting to know each other, I feel like I’ve met a kindred spirit, someone who’s optimistic about AI, who sees the potential, who understands the revolution — not just a technological revolution, but sort of the social upheaval involved with this wonderful thing we’re calling artificial intelligence.

John Capobianco • 0:01:39
I feel exactly the same way. And for the viewers of this podcast, I just want to say I apologize if we go deep down some rat holes and never make our way back out. But we’re going to try our very best to stay on topic, which, for the short time I’ve known you, John, that has not been our best skill set. Keeping on topic. But so, okay, your big space is kind of the network automation. That’s where you’ve been really focused lately. And I mean, I don’t know how many years I’ve heard talk about network automation, right?

John Capobianco • 0:01:41
Well, now you just say, I’d like you to express your expertise as a 25-year network engineer in your own words into this interface. The agent will take it from there. Every one of us human beings now has this new capability. Let’s use the AI for what it’s good for. John, welcome to IT Visionaries. Wow, Chris, thank you so much. What an introduction.

John Capobianco • 0:02:07
I hope I can live up to that. That was really special. And the universe, I think, brings people together intentionally. There’s some weird mysticism around it.

John Capobianco • 0:02:08
I mean, probably the last big one was, you know, like SD-WAN and Cisco ACI. And that kind of went with fits and starts of all kinds in and of itself, right? But we’re in a completely different place right now. And the tools are very, very different. Can you talk a little bit about what the role of AI is with networking?

Chris Brandt • 0:02:32
So, I’ve been saying for the last 10 years that in the next three years, the only way to do things with the network is with automation. And I just keep moving the goalposts forward every year or two, right? But I think this is significantly different in that the interface — the new tool, the way we interface with the new tool — is through natural language. Compare this to what was introduced to the market by the industry as a whole to help network automation: Yang models in XML. Okay, that is not easy with NetConf. And then we tried RESTConf and JSON, where the edges got a little smoother.

Chris Brandt • 0:03:12
We gave up a little capability from the NetConf for the ease of JSON and RESTConf. And then there are things like Ansible and Terraform and OpenTofu and DIY Python, PyETS from Cisco. There was a lot of expectation on the network engineer who didn’t go to school for programming, whose certifications are not in programming.

John Capobianco • 0:03:36
And probably didn’t even get certifications in networking often a lot of times.

Chris Brandt • 0:03:40
Right, right. Good, fair point. And the organization’s opinion of the network’s role in an enterprise — to be stable, to be up, to be almost like a telephone-like service where I pick up a phone. In your lifetime, Chris, have you ever picked up a telephone and it not give you a dial tone? I’ve had it happen, but it was rare. It was rare, but networks have this sort of that level of fidelity expected.

John Capobianco • 0:04:08
Yeah, it’s a utility like telephone, like power, like water. You expect it to be there when you pick that phone up, turn that faucet on, or turn that stove on.

Chris Brandt • 0:04:17
When I go to Google or the website in my browser, or when I put my phone and I try to join the Wi-Fi, or when I send an email, or when I visit whatever, there’s an expectation there that that’s all just going to work. When things like automation come along and it’s like, well, we can automate and we can move fast on the network, some networks sort of responded, like, well, we don’t want to move fast on the network. What is the benefit of moving fast on the network? Right. Now, why I think this is different, again, is the natural language interface and that we don’t have to say to those network engineers, okay, now you have to learn Python or domain-specific language — API calls, Postman, Git, VS Code, on and on and on, right?

Chris Brandt • 0:05:01
The whole Net DevOps toolkit, let’s say. And you have to learn it quick and you have to be proficient and it has to be stable for production releases. Well, now you just say, I’d like you to express your expertise as a 25-year network engineer in your own words into this interface, and the agent will take it from there, right? There is still a garbage in, garbage out with agents, with AI agents. It expects a real high-quality input, right? And augmenting it with things like RAG, things like MCPs — yes, that is amazing.

Chris Brandt • 0:05:36
But imagine if we could really transform those humans with expertise, with those certifications, to be building these agents of the future, right? Like the agent is going to be really, really good if it’s built by an expert in its field, right? It’s like a tool. A hammer or a saw built by an amateur is going to be wobbly and it’s not going to be stable and it might not be sharp. But if you go to a professional who’s been building saws their whole life, the tool you get is going to be really good, right?

John Capobianco • 0:06:08
You mentioned the networking team and sort of the pressures that they’re under. And, you know, the best day a network engineer can have is if nobody notices they’re there, right? I mean, that’s the day you won the world, right? And everything is the network’s fault. Always. It starts with the network.

John Capobianco • 0:06:30
It’s network. And it’s rarely ever network, but it always starts there. Right. So, I mean, they’re like shell-shocked. They’re beaten down. They’re the guys who have to go when they can have a maintenance window to do the least bit of maintenance on anything, which is — let’s do that on the 4th of July or let’s do that on, you know, whatever. And if anybody’s going to do anything to the network or change anything that’s going to have an impact on the network, they’re going to do it at 5 p.m.

John Capobianco • 0:06:58
On Friday, so that the network engineer has to work all weekend and then be there on Monday when everybody comes back to work to make sure everything’s still working. Right. So it’s rough.

Chris Brandt • 0:07:10
I’m having some emotional response to what you just described because I did this for 15 years of my career, maybe longer. And yes — there’s a little bit of comedic effect in there — everything’s fine, why do we pay these network engineers, right? Everything’s stable, everything works. Why do we need them? And then when things don’t work, they go, well, what are we paying these network engineers for?

Chris Brandt • 0:07:35
The network’s down. How can it be down? We’re paying them. What are we paying them for? So you can’t win. You can’t win, right?

John Capobianco • 0:07:42
I had a guy, and executives were complaining. He’s like, he just sits in his freaking office all day and plays video games. I’m like, that’s exactly what you want. When he stops playing video games, we’re in for a world of hurt, dude.

Chris Brandt • 0:07:55
Leave him alone. Well, the good news is the agents of tomorrow won’t be playing video games. I see it as almost a human resource issue right now, more than a technology issue. I think agents have proven themselves. I think this revolution of OpenClaw has really opened up the eyes and minds of people all around the world. NVIDIA just spoke about OpenClaw on stage, talking about how companies should have an OpenClaw strategy or at least an agentic strategy moving forward. It has more stars than Linux.

Chris Brandt • 0:08:30
So think about that. Consider that. That was a dramatic pause on purpose — because Linux has — right? Like it has more stars than Linux does on GitHub right now. So I thought, what if I could take that OpenClaw and build a purpose-driven OpenClaw called NetClaw that can do things agentically like a senior network engineer? Now, cheekily, I wasn’t the one who came up with the CCIE number AI0001. It came up with that.

Chris Brandt • 0:09:02
We were testing it in the NetClaw room. So people were throwing very difficult, complex edge cases, normal cases. I have it fully configured and network all through Slack, all out in the open. It sends emails. I’ve had it phone me. I’ve had it actually telephone me and give me a report over the phone. And it’s autonomous.

Chris Brandt • 0:09:25
So it will check in every once in a while through a heartbeat mechanism. It actually has a heartbeat and it will answer other people’s conversations. Like it sort of listens in on the Slack room. It’s not that you always have to invoke it with the at-sign. I mean, you can, but it sort of just knows it’s possibly listening and will jump in and say, oh, you wanted me to do this. Let me go ahead and take care of that for you, right?

John Capobianco • 0:09:50
It’s in permissive mode. Yeah, it’s really neat. It’s capturing PCAP on the Slack channel in permissive mode.

Chris Brandt • 0:09:58
Yeah, oh, well, we added that too, where you can upload a PCAP and send it to this agent, and it will analyze the PCAP for you and respond in Slack.

John Capobianco • 0:10:07
Oh my God, that’s nice.

Chris Brandt • 0:10:09
Yeah, isn’t that fun? So it’s really turned into something remarkable. So it has, call it 90 skills. OpenClaw is built on a skill-based system. And you give them skills, which are markdown files. That’s part of this revolution. And maybe we should talk about spec-driven development in a little bit, but everything is markdown.

Chris Brandt • 0:10:33
Everything is just human language. And I equate it to the skill might be how to play a piano, how to play Beethoven on the piano. That would be the skill that the agent could have someday. And the piano itself is the MCP server. So in terms of my networking world, my skills are things like OSPF, the protocol. And I actually use the RFC number from the IEEE to generate that skill. So now technically my agent understands — in quotes, or as much as you would think an AI can understand or reason these protocols, right?

Chris Brandt • 0:11:13
So then I give them an MCP for a network automation framework, say Cisco PyETS or ACI or the controllers. And now it can act and call those tools. So that’s the combination of those two things — the reasoning and the action — is why they’re kind of known as ReAct agents.

John Capobianco • 0:11:33
One of the challenges I find in that, or what I was back in the day doing — the documentation was super erratic. Like Cisco would put stuff in their documentation that didn’t exist in their products yet. And then you go to the RFCs, and the RFCs are great. I mean, they’re well documented typically, and they have a lot of information in them, but they’re rarely appropriately implemented in the real world. So, like, I’ve had these conversations. It’s like, well, the RFC states — it’s like, well, yeah, that didn’t really ever happen.

Chris Brandt • 0:12:08
I was just going to say that is a challenge for something like an AI agent where you actually want it to have — if you’re doing retrieval augmented generation, you say, well, what’s the source? Should it be the vendor documentation? Should it be the IEEE RFC itself? Should it be both? How much information do we need to scrape? Is there actual implementation of those? Because the RFC is not going to show you how to actually configure it at the CLI, right?

Chris Brandt • 0:12:36
So how do we fill in all these gaps to make this agent? It’s kind of like a human, right? Like, if you were to hire a junior engineer, what do you need to teach them? One, about your own organization, the guardrails, the governance, what they’re allowed to do, what they’re not allowed to do, what they’re trusted to do, and then the skills you give them, the tools you give them to achieve those goals. It sort of mirrors what we’re doing with agents. Now, an agent day one — I would not let it configure BGP on my edge routers. BGP scares the hell out of me, quite honestly.

Chris Brandt • 0:13:12
Right. But a day one exercise: maybe go ahead and test my network, test that BGP, and give me a nice report. And to your point about reporting and documentation, let’s use the AI for what it’s good for, which is generating — hence the name generative AI. Right. So there are some really solid use cases: ticket enrichment, post-configuration testing, post-configuration documentation. You know what’s really interesting is things like DrawIO or ExcaliDraw or Visio having MCP capability now.

Chris Brandt • 0:13:48
Oh, wow. So why not take that design or the post-change and visualize it in some of these tools to make it easier for human consumption, right?

John Capobianco • 0:13:59
The first job of every network engineer when they came into a place was to crawl the network. BGP neighbor, BGP — all that stuff. Like, just look through the network and map it out.

Chris Brandt • 0:14:13
Oh, wow. Who hasn’t been through that day one? And they said, okay, what do you want me to do? Okay, here’s the network — primary visio dot v1.

John Capobianco • 0:14:23
Yeah, that hasn’t been updated in 10 years.

Chris Brandt • 0:14:25
Right. The last modified date is seven months ago, when we last hired somebody. Here’s your read-only account. Go connect to everything in this document and refresh it, right? That is where you usually start in the networking world.

John Capobianco • 0:14:44
You’re right. And you get as much documentation until that person gets too busy to finish the documentation. So they get about halfway through mapping that network. Then you’ve got 10 years old, five years old, two years old, and three-year-old segments.

Chris Brandt • 0:14:58
And then the joke becomes: when was the last time this Visio was updated? And you say, well, when was the last time we hired a junior, right? But okay, now to tie it back to agents — imagine if that was your sole-purpose agent. You built the agent to do a six-hour or 12-hour run, you just fire the agent and it reconciles your documents with the source of reality, right? That is where we are in human history, right?

John Capobianco • 0:15:24
That sounds like playing video games to me for a network engineer. Yeah, that’s playing video games.

Chris Brandt • 0:15:29
Yeah. And then differentials, right? It’s really nice to be able to look at yesterday’s image, today’s image, feed those both to a multimodal model. How about that? It’s a follow-up: we’re having a problem today. Can you crawl the topology over the last four or five days?

Chris Brandt • 0:15:47
Pull the configs and compare them. Right.

John Capobianco • 0:15:50
Yeah, no, I mean, that’s awesome. So, okay, so tell me about the new AI agent NetClaw. It hit 300 GitHub stars in two weeks. So, apparently people are enjoying it. Tell me a little bit about it.

Chris Brandt • 0:16:06
I’ve been overwhelmed at the support. And again, it started as a curiosity. I’d been following what was going on with OpenClaw. I’d been following the whole dramatic rise and fall and rise again, and them getting acquired, and all the stars on GitHub and everything. So I thought I’ll clone their repo and I’ll vibe code a network engineering claw, right? The same framework. So what I chose to do as a design decision was let the user run an installer that runs first the OpenClaw installer.

Chris Brandt • 0:16:41
So at the core, you’re still choosing your own LLM. You can choose Ollama and use local LLMs and local models with this. You can use OpenAI or Anthropic. You put in your key. Then you pick your communication channels. You mention a few of them: WhatsApp, Slack, Discord, Teams.

Chris Brandt • 0:17:02
You sort of pick your interface into the claw. And then you pick a few other tertiary features, memory, and things like that. Following that, I then have a menu system with, I don’t know, a dozen or 20 or 30 different networking technologies where you can put in the URL of the APIC for ACI, for example, and your key. And now that claw can connect to the skill, the ACI skill, and the ACI MCP, and you can interface to your ACI through Slack or through Teams or through these channels we just talked about. It is really remarkable. And I think the popularity is partly because of OpenClaw’s popularity, but also because it’s very simple. You just run the installer, you fill out the form more or less, and then away you go.

Chris Brandt • 0:17:54
You have this living, breathing agent inside of your channel, on your phone, whatever you want, that can do very advanced level networking things like configuration management, differentials, documentation, ServiceNow tickets. It has guardrails. So it won’t let you destroy the config on purpose. That never happens, right. So it does have some guardrails.

Chris Brandt • 0:18:19
I would say I would trust it as much as a human. I really would. Now, is it production grade? Here’s my response: OpenClaw itself, when you install it, says this is for personal use. This is not for enterprise, right? So some people may be running NetClaws in production and awesome.

Chris Brandt • 0:18:41
I think that’s really cool. I think it’s very dangerous, but I think it’s really cool. But right now it was more to see the art of the possible. Like, could a NetClaw be morphed into something that’s applicable to my field and to network automation in general, right? I’ve had pull requests. I’ve had people add new features. I have messages from a lot of people.

Chris Brandt • 0:19:04
People during my webinar yesterday, live in the webinar, were saying, talk about NetClaw. We want to learn about NetClaw. So I am humbled by the response, honestly. And I really open this up to anyone who’s listening to try it yourself. If there’s a gap — maybe there’s a controller that you use in your day-to-day life — I’m not claiming it is 100% coverage for all vendors and all products.

Chris Brandt • 0:19:27
I’d love it to get there someday, but you can do it yourself. If you have, say, a Fortinet or a FortiGate or something, and I don’t have a Fortinet skill, you can fork my repo, write the skill, add the MCP, send it back to me and I’ll merge the code in. And now I have a new skill in NetClaw. And now everybody has the new skill. That’s the power of open source.

John Capobianco • 0:19:52
The nature of the beast of a network engineer is they’re a peculiar group. In some ways, they’re perfect for it. Because network engineers have a very systematic approach to troubleshooting problems and things like that. And a systems-based approach to AI is exactly what you need — the skill you need to make it work. But they operate in a very deterministic world typically. And AI is, you know, notoriously non-deterministic, right? So how do you get network engineers over that hump of like, yeah, it may not be what you’re expecting?

Chris Brandt • 0:20:27
The networking industry is so deterministic, they actually used to have a certification and exam book called Troubleshooting. You used to be able to get your T-shirt exam from Cisco. So they’re so regimented that even the way you troubleshoot things can be certified, right, in the networking world. And do you start in the middle of the OSI layer? Do you start at layer one? Do you start at layer seven? Do you start at layer four?

Chris Brandt • 0:20:53
There’s a whole methodology, right? So what I like to say is that we’ve reached a point where the things that you want to be non-deterministic — let’s say the body of the email, the tests that we generate for a certain scenario — there are certain situations where we want it to be non-deterministic. Here’s a good example: let’s say testing interfaces. You used to write 19 deterministic discrete tests: input drops, output drops, CRC errors, CRC errors in, CRC errors out. Is there a description on this interface? There’s a whole suite of tests. Now, compound that by platform, by vendor.

Chris Brandt • 0:21:36
The fields that you’re able to test. Now compound that by the type of interface: virtual interfaces, physical interfaces, loopback interfaces. But picking the right device and using the right interface — some determinism you do want there, some probabilistic outcome. That’s where MCP comes in. That’s where RAG comes in. That’s where augmenting the generation of the output or providing a protocol to handle the context comes in. I’ve never seen the AI get the IP address wrong or the device I’m telling it to connect to wrong.

Chris Brandt • 0:22:15
No more fat fingers. No — no more fat fingers, exactly. And because I’m giving it a YAML file with my device information and IP addresses, it’s using RAG — retrieval augmented generation — to do that lookup deterministically. So I don’t want network engineers to be afraid of this idea that it’s not idempotent. And it’s funny because for the last decade, Ansible has been hammering that into people, this idea of idempotency, and the idea of being able to run an Ansible playbook a million times and have it do the same thing every time.

Chris Brandt • 0:22:57
And now we’re saying, okay, we tried to hammer that into network engineers for 10 years. And now we’re turning around and saying, actually, AI is non-deterministic. You’re going to have to roll with it. Like, forget everything we said about idempotency because it’s going to be a different answer every single time you run it. Is it a good fit even for network automation? I would argue it is. But you’re really on to a good point where some of the fear or some of the reluctance to jump onto this AI train — why it exists in infrastructure, let’s say, right?

John Capobianco • 0:23:33
One, I love the no fat fingers because — and I’m going to date myself now by saying this — but I can’t tell you how many times I had like, is there a speed duplex mismatch on the interface? Can you please check? Because somebody just didn’t configure the interface right. Do the thing, right? Do the thing. Or the other thing was like, everything just blew up.

John Capobianco • 0:23:53
I don’t know what happened. Did you lose power to that location? Yeah, it briefly went down, but it’s all back up again. Did you write the config before the power went down? And then when you did it six months ago for what that config was at the time, has anybody made any changes? You know, I’ve seen that so many times. But then in the non-deterministic perspective — I remember once when.

John Capobianco • 0:24:21
Working on a big WAN project that was using DMVPN at the time, right? It was a global thing, and everything was working great, and it worked great for a week straight. And then it stopped working completely. And we couldn’t figure out what the heck was going on, right? And ultimately, the problem was that it was an MTU issue. So, MTU is maximum transit unit for those people who are not network nerds. And that’s how many bytes can you send across the wire in each discrete chunk?

John Capobianco • 0:24:53
And different systems allow for different MTU sizes, right? And different protocols require different MTU sizes. What it came down to was DNS. And it wasn’t the DNS lookups that were the problem because they weren’t using TCP to do those transfers, but zone transfers were. And so the minute those zones expired on the other end, they all went down. So DNS across the entire enterprise went out. Nobody could figure out why.

John Capobianco • 0:25:27
Everything — I can ping it. It works. I can access it, but it just won’t return a result. That’s where you get into these logic loops with humans thinking. And what sort of broke it was we noticed the difference — Windows users were being able to access certain things. Mac and Linux users were not able to access certain things because they have different base MTUs at the time. More evidence comes in over time.

John Capobianco • 0:25:53
So then you’re like, why would one work and the other not work? And you get into really crazy things. And it turned out it was because the additional overhead of the DMVPN piece was causing those packets to be too large.

Chris Brandt • 0:26:08
The pressures network engineers are under — I say it’s like a needle in a stack of needles. Somebody poking you in the back with a needle while you’re trying to figure it out. Because millions are on the line. Nothing is working. It doesn’t feel good. I’ve lived through some outages.

Chris Brandt • 0:26:25
I mean, I have caused my fair share of outages, I think, given my history and how close I was to the keyboard. I think I’d like to say that I solved more problems than I caused. But yeah, weird things happen. I came in one day and alternating IP addresses were working and the others were not. So, odd IP addresses were working, and evens were not — and we looked over everything.

Chris Brandt • 0:26:53
And then it’s always like — what changed, right? Like, something had to have changed overnight. So then you go to the CAB and you trace down the change tickets from the night before, and you figure it out, and you work backwards. It was something like we had an HSRP pair, and only one site got configured with the new routes, something to that effect. So any traffic going through the left side wasn’t working. And I like to think, though, that with AI, we can avoid — not solve, but avoid — these problems up front during design, during deployment.

Chris Brandt • 0:27:27
Like an AI, given the right prompt and given the right access, is never going to not configure both sides of an HSRP router. It just won’t. It won’t forget. It won’t miss it. It won’t do those human things that — and sometimes it’s a — you talk to the person the next day. Well, I see you put the routes on router one, but you missed router two.

Chris Brandt • 0:27:49
And then the next day, half the traffic was not flowing. And you work it out and the human says, oh, yeah, like there were two notepad files instead of one notepad file. I only logged into the one device.

John Capobianco • 0:28:01
I had 30 terminal windows up, and I thought I copied and pasted it into the right one.

Chris Brandt • 0:28:06
You got it. Yeah. Agents move us into — I don’t know — you know the meme of like, what the world would be like if something changed and it looks like a utopian world with flying cars. And if we can adopt this, hopefully those DNS problems go away. Hopefully those HSRP problems go away. The load balancer problems, the firewall problems.

John Capobianco • 0:28:31
You know what I’ll say is probably going to end up being the most important thing that’s going to come out of this — because the one thing that AI is really good at is documentation. And we started this conversation saying the junior guy comes in and maps the network for a little bit and then gets too busy to do it. AI just does it. So that alone would have saved so many networks that I’ve seen have major problems.

Chris Brandt • 0:29:01
And there’s so much value there, because at one, it’s a very low-risk exercise. We’re talking about read-only activities, right? This is day one stuff. Give the agent read-only, don’t let it touch anything, it has no access to configuration. All it has is read-only capability to run show commands and gather information and then turn that into really valuable assets. And it can run constantly. And then you have these sort of offshoots of ideas and say, well, now it’s doing it every four hours.

Chris Brandt • 0:29:31
When there’s a problem, I wonder if it could tell us the difference between the last window, right? What changed? Why is this failing suddenly? And now you’ve got mean time to innocence, mean time to detection, mean time to remediation — all from a project that was just having an agent do documentation for you, right? If it’s in Git and you’re doing a diff on Git — right there, that route got lost between this four-hour window and now something in the last four hours has caused this issue, right? Amazing. It augments your human staff, right?

Chris Brandt • 0:30:06
You could have the AI build a beautiful dashboard and portal system and use the AI to build the front end for it. Use AI to build the back end for it. Store all this in a Postgres database or store it in a Git repo. The agents are going to be there to help us, augment us in ways we never really considered. I mean, just in the last couple of minutes, we’ve given the world an idea, right? Why can’t I build an agent to fully document my network? On that topic, I wrote a mind map MCP server built on markmap.js.org.

Chris Brandt • 0:30:39
I do the full — because I didn’t write it, the author of MarkMap is not me — I wrote the MCP for that standard. So you can literally say, go get the routing table using PyETS and give me a mind map of that routing table. And it’s an interactive mind map of all the routes, the interfaces they’re going out — it’s all beautiful. It’s all interactive.

Chris Brandt • 0:31:03
It’s just markdown, but you can visualize it. Really exciting period of time. And when was the last time we said it was an exciting time to be a network engineer? It’s been a long time. Unless you were in the cloud or doing security or application, right? Network is sort of the — oh, okay. So you work in technology.

Chris Brandt • 0:31:25
What do you do? Are you in the cloud? I do networking. Oh, okay. All right.

John Capobianco • 0:31:30
You know, you unclog the toilets there.

Chris Brandt • 0:31:33
You’re the plumber, right? You’re just there to wire things and give things IP addresses. It’s been so long, probably since the dot-com fever. When getting a CCIE and being able to implement BGP in those early days and configure a PIX firewall in those early days — it really was exciting stuff at the time because it was bleeding-edge human technology. It invented the internet, right?

John Capobianco • 0:32:00
Well, and then you got to see how BGP actually works in the public networks and you went, oh my God, really? It can go that bad that quickly and I can just do that? You know, I have an ASN and I can just start routing stuff in weird ways and start grabbing routes and doing things. And that’s why all my traffic’s going through China right now. I mean, like, what? I know.

John Capobianco • 0:32:21
It’s the more you learn about it, the scarier it becomes, right? We’ve been talking a lot — a lot of it comes around to configuration management. But obviously AI — we talked about the documentation use case — but what are some of the other big ways that AI can be utilized in networking?

Chris Brandt • 32:40
Yeah, so I don’t want anyone to conflate, similar like with network automation, people conflate that with configuration management. They think one means the other. And there are a lot of other things you can do with automation. I would say it rhymes, that AI rhymes with that, but even to a more powerful degree. I’ve been giving this a lot of thought because we have customers that want to do it. And I’m trying to be a partner and a guiding light and explaining how they can start with human in the loop or on the loop approaches with read-only activities, but that have value, right? So I think testing.

Chris Brandt • 33:18
I think testing is a really big one. I asked a forum at the Network AutoCon in Texas, a room full of about 500 people, all of them some of the best and brightest in the industry. Who here knows if every interface on the network is clean, right? Meaning error-free. Not one single person put their hand up. So there’s an opportunity for us to just start with testing. It’s read-only.

Chris Brandt • 33:43
Run a show command, show IP BGP, whatever, show IP OSPF, whatever, and then have the AI test it, really test it. I think compliance, sources of truth, populating, say, Netbox or Nautobot or Infograph with your inventory using AI to do that. That used to take weeks of human effort. We’ve talked about documentation quite a bit. Testing, documentation, compliance. Here’s another good one I think is a really powerful approach: triage. And when tickets come in, let’s say if you’re a ServiceNow customer or user.

Chris Brandt • 34:24
And you could train your staff to say, when you submit a ServiceNow ticket, there’s a drop-down option that says agentic solution, something like this. Keep the human in the loop. So the human decides: is this something an agent might be able to figure out? And when that ticket goes in, it gets routed to an agent. And the agent does as much triage as possible. And it’s only read-only. We don’t let it fix anything.

Chris Brandt • 34:52
It’s just a triaging agent to come back and say, based on all of my accents and all of my tools and my reasoning and the tests I ran, here’s why I think Wi-Fi is slow in Dallas or whatever the ticket is, right? That ticket then could be routed to more appropriate humans to say, oh, I got this ticket from the agent. The agent believes that I need to turn power down on the wireless access point in whatever room to adjust for the problem this user opened. I think that then moves into fully Agentic. Why can’t an agent just turn the power down on that AP? Right.

Chris Brandt • 35:33
And let the agent completely close the loop on these tickets. It gives the enterprise management the ability to turn on that switch. Right now, we’re going to run, say, three months in Agentic with Human in the Loop, and we’ll evaluate how well we’re doing. And then maybe we can flick the switch and let the agents actually have access to configuration management to self-heal and to resolve problems automatically.

John Capobianco • 35:58
It’s a little bit like the idea of intrusion detection versus intrusion prevention systems. That’s a really good analogy. Yeah, I like that. And unfortunately, I don’t think we really got to the intrusion prevention as much as the detection side of it because it got very scary to run intrusion prevention because it had a tendency to unceremoniously shut your network down at times. But IDS IPS was very deterministic in that sense. It wasn’t able to figure its way out of a gray area, which made it really hard to tune because you had to get it right. Otherwise, it was just a blast of noise.

John Capobianco • 36:35
And now we’ve got kind of an agent that’s actually almost like a network engineer employee kind of wandering through here.

Chris Brandt • 36:43
You know what? I think that is a brilliant IDS IPS. And with the prevention, to your point about determinism, you may have had a prevention system that is only looking for, let’s say, the slammer worm. If you see traffic on this port with this signature, kill it. Kill that traffic, right? And that’s it. That’s the only thing you spent a couple of hundred thousand dollars for the capability, and you’re just looking for worms with specific signatures, and you’re killing those flows, right?

John Capobianco • 37:13
And in the meantime, you get 500,000 false positives, too.

Chris Brandt • 37:17
All the false positives. But to that point, with an AI agent, you may say, listen, if the remediation is to shut an interface. And that interface is on this classification of device in this location. You can go ahead and shut the interface and no shut the interface. Let’s say bouncing a wireless access point or a POE device or something, right? Maybe that’s something we can accept the risk. Now, what if it shuts all 50 interfaces down and Wi-Fi is gone or all your POE and now you don’t have point of sales?

Chris Brandt • 37:50
There’s a lot to consider here and architect around and maybe still keep humans in the loop. Listen, if you’re going to shut a POE port and the description says attach to point of sales, don’t shut it. Get a human involved and let the human know that that point of sales needs to be bounced or whatever, right? There’s always an answer. Yes, we could come up with a million problems with agents, but I think if we really work through those problems together and just discuss them, they’re going to come down to having a solution, right? I don’t think there’s going to be any insurmountable problem around agents doing some of these activities.

John Capobianco • 38:28
Well, we keep talking about sort of determinism being kind of a curse of networking. It is kind of on the, from the AI side of it, it is kind of a positive thing because it is such a well-known entity and it has such well-understood behaviors that when there’s odd patterns or deviations from that, that’s exactly a great tool. AI is the great thing to throw at that type of challenge, right? That’s right.

Chris Brandt • 38:53
Throw away all the good metrics and all the good signals and focus on the anomalies. And the anomalies are pretty easy to spot. And with some human ingenuity, like those tests that I described could be connectivity tests. Can, you know, point A reach point B in a given topology, given their IP addresses, right? That would be something to have an agent just testing. And then letting you know, hey, by the way, John, this segment of the network can no longer reach this other segment of the network. That’s very insightful.

Chris Brandt • 39:26
It’s read-only. It’s safe. It’s just a ping sweep or a ping test that you have the AI analyze the results from, right? So there’s a lot of uses here.

John Capobianco • 39:35
AI is a really mixed bag. And the information that I hear about AI is really bizarre to me sometimes because one, I don’t think people understand how fast it’s changing. And that if you heard somebody say something and you’re repeating that criticism of AI, that probably is not still there anymore, right? By the time you’ve gotten around to repeating it. One of the things that I hear so much about is like, oh, AIs hallucinate like crazy. It’s like, you never know.

John Capobianco • 40:04
It’s like it’s going to hallucinate and do this. And like, what I’ve started to realize is like early on, AIs did hallucinate a lot. That was 100% a problem. But right now, I don’t find AIs hallucinating very much. What I do see is misalignment, alignment problems with AI that produce results that are unexpected. When I talk about misalignment, what does that even mean? And how do you identify that?

John Capobianco • 40:29
And what does that look like?

Chris Brandt • 40:30
I totally agree with you in that playing Pong on an Atari in 1977 is much different than playing a PlayStation 5 in 2026, right? But that lineage of hardware, so as hardware gets better, and hardware isn’t stopping, it’s always getting better, then that leads to better software. That leads better to now, for us, for our conversation, leads to better models. And that trajectory of the model performance is not going to stop. And in just three years, right, we’ll call it, it will be four years in November since ChatGPT 3.5 came out, right? So to give people a rough window of time, right? I agree with you.

Chris Brandt • 41:13
I think it’s quite remarkable. The other thing is that open source models, now that enough time has dilated, have started to perform better than commercial models from just three or four months ago, right? So it’s a really nice horse race. Companies, commercial and open source in this kind of race, right? I love that because competition is going to make everyone better. Competition is going to keep costs relatively low for a $20 a month investment, right? I think that’s relatively reasonable.

Chris Brandt • 41:49
It’s less than some streaming services, right?

John Capobianco • 41:51
What I’m finding is that there’s this convergence that’s happening with all the models. They all seem to be, you know, because everybody’s using the same data, you know, like multi-trillion parameter data sets, right? To train their models. And so like the models are really kind of converging. And like, it’s not the model that is changing so much now as is the stuff around the model, you know, the contexts, you know, like all those kinds of things, the MCP servers, you know, like all those things — that’s where the value is coming. And like, and I think, you know, where everybody got really excited about models and this and, you know, like, oh, you got to use the best model and blah, blah, blah.

John Capobianco • 42:30
It’s like, they’re all pretty good now. And they all kind of give you the same result, but now it’s all in the rest of this stuff.

Chris Brandt • 42:38
Would you agree to that? I would agree to that. I mean, how much better is it going to get? I mean, how much more can we expect out of these models? If they get any better, we’re starting to really talk about sentience, right? Or like, you know, like we’re really crossing over from just a toy into maybe another artificial being. Like, it really is an intelligence system, right?

John Capobianco • 43:05
The other way this could go, too, is like, you know, at some point, we’ve got to take a look at these models and say there are a lot of parameters in there that are no longer relevant.

Chris Brandt • 43:14
We’ve got to flush them out. You’re right. The other thing is, and you have to understand, I guess there’s a lot that goes into this, but they want you to pay for the model. They want you to feel like it’s useful and valuable. They want you to feel like it’s universal in what you ask it. So when I’m developing code, it rarely will say, what you’re asking me to do is outside of my capability.

Chris Brandt • 43:36
Right? It always says, sure, here’s some code you can try. Well, that’s not being helpful. Right? So it has this real eagerness, like puppy dog-like, oh, you asked me to do a backflip. Dogs can’t do backflips, but I’m sure they would try to impress their owner or to make their owner satisfied, right? It’s sort of, I think it needs to be a little bit more.

Chris Brandt • 44:02
It would be like with humans. You know, would you tell me if I had something hanging out of my nose for the last hour? Hopefully, you would have the courtesy to say something to me, right? I think it needs to be, if it’s going to be considered intelligent, it needs to challenge the human driving it. But that human’s paying $20 a month and they don’t know that they want to be challenged in that way, right? It’s a fine line. Do you know what I mean?

Chris Brandt • 44:25
Like the dichotomy here.

John Capobianco • 44:27
Yeah. And I have noticed, like, especially around Anthropic’s models, some of the Anthropic models have started giving more pushback, which I really like because I would have some long sessions and I’d be like, if you say to me, you’re absolutely correct one more time, I’m going to throw my computer through the wall.

Chris Brandt • 44:44
Hey, it’s the 5th time this week I’ve had the greatest idea I’ve ever had.

John Capobianco • 44:48
Yeah. The gaslighting. It’s tough. So, for companies that are like trying to navigate this space, what’s going to make companies successful? And like, how should a company approach this?

John Capobianco • 45:03
How should they communicate the value? I mean, I think we’re kind of in that weird space like we were with cloud, where it’s like CIOs are getting that message. It’s like, you got to go to the cloud. You know, it’s like, you got to go to AI. And then like, you know, they went out and they spent all the money on Copilot, you know, Microsoft’s Copilot and they threw it in there without any real plan. And everybody’s like, okay, I wrote a better email.

Chris Brandt • 45:24
I think most enterprises are going to go through a scale of like, you’re not allowed to use it, right? To you’re permitted to use it under these strict guidelines. To we think you should be using it. To you must be using it. I think all enterprises are going to go through that.

John Capobianco • 45:44
And then to you don’t have to use it anymore because you’re no longer working here.

Chris Brandt • 45:48
And hopefully that’s not the last one. Is that thank you for using it on your way out, right? As a thank you for using this thing. We don’t need you.

John Capobianco • 45:57
Yeah. Stop by the AI for your exit interview.

Chris Brandt • 46:00
But I think shadow AI right now is the biggest threat if I put on an enterprise hat, if I’m a good corporate citizen. I think shadow AI, for me to install alt tab and go to ChatGPT, put in my own Gmail and bang out that email for work. I think there’s a shadow AI, which mimics shadow IT in a way. People used to use, say, Dropbox to dump corporate documents in so they could access it from their own computer because they didn’t have VPN and things like that back in the day. Or certain people would just provision their own Wi-Fi circuits. That was a problem for me running networks, rogue Wi-Fi circuits in offices, things like that. So shadow AI is very scary, right?

Chris Brandt • 46:44
The wrong information in public models, private information, protected information, confidential information, medical information. Everyone’s doing it. You know that there are people probably right now as we’re talking, copy and pasting in stuff they shouldn’t be into a public model of some kind. So leadership needs to get in front of this.

John Capobianco • 47:05
Well, maybe all their network data, too, which that could be scary.

Chris Brandt • 47:09
Network data, even scarier, right? So, I think leadership needs to get in front of this. Pick a partner — two choices: pick a partner for a cloud. And think of it as a private cloud. They’re not going to learn from your data. You’re going to have terms and agreements with Anthropic, with Google, with Microsoft, with ChatGPT, with your cloud provider of choice for your LLM. Give your staff the API keys.

Chris Brandt • 47:33
From an approved source, once you’ve worked that out, give them a token budget and communicate to them that they’re encouraged to start using these things with certain guardrails, right? Hopefully, all of your data is already classified, and you may need to reclassify some data as being in or out in what you can use with AI.

John Capobianco • 47:55
The thing that’s really interesting about the non-deterministic nature of AI is that things you wouldn’t predict or expect or anticipate that kind of flow through — AI can start making decisions around some of those things too. So that’s another aspect of it that, like, where you get into the sort of signature-based kind of things and never really figured it out. And the thing that’s interesting about that is, too, it’s not just understanding the context of your network or whatever, but understanding the broader context of your business, the broader context of the world to make some of those determinations is really compelling.

Chris Brandt • 48:27
I think you’re totally correct. The persona we give the agent, if we can instill the agent with our corporate values, like the mission statement of a company is something that I would be attaching to my AI agents, right? You work for this company. Here is our mission. Here’s our value statement. Here’s our values. Here’s our founders.

Chris Brandt • 48:47
Here’s our customers. Like the more you can teach the agent, just like a network engineer, they have to know that. You know, technically, do they really? Because the networks, the network, they don’t really matter who they’re working for, what network they’re building. But to be good citizens and to be part of the team and part of the company, it does mean going through the HR training and being part of that team, right? So I think we need to treat our agents in a very similar way. Treat them like people.

Chris Brandt • 49:16
Now, the only other follow-up to that is if cloud providers is not an option for your enterprise, because there’s a vast number of enterprises that are maybe medical or hospital or government or some agency that can’t use a public cloud model, regardless of the guardrails they provide, then it’s starting to getting into the business of buying GPUs and running your own on-prem models that then you give access.

John Capobianco • 49:46
Well, good luck about buying GPUs because if you know where to get them, let me know. And while you’re in, throw me in some DDR5.

Chris Brandt • 49:53
I don’t think that there’s any way around it. I think companies — even the military — who are likely running data centers with GPUs and doing inference on it, right?

John Capobianco • 50:03
Yeah. Well, I mean, certainly they are because we’ve heard the big debate with Anthropic and then OpenAI kind of came back and said, you know, maybe we do need to modify our terms a bit. You know, I remember hearing a few years back, it was like, you know, Palmer Luckey, the inventor of the Rift headset, you know, he went off and then started working for the defense contractor, putting AI into killing machines, basically. And, you know, his whole thing was like, we’re going to have AI do all the target selection, but, you know, the pilot’s going to pull the trigger. So it’s like, you know, you have a lot of questionable potential uses in that space as well.

Chris Brandt • 50:44
You know, we talked about it a little bit leading up to this before we started recording. And, you know, it’s a reflection on humanity. It really is. It’s unfortunate that this tool that could lead to things like curing diseases or preventing diseases or predicting natural disasters or leading to universal basic income — because we can wait till this takes a physical form. Wait till the robots get better and robots are powered by AI, right? And what do we do as a species? We try to figure out how to use it to kill other humans as one of the early implementations of the technology.

Chris Brandt • 51:20
It’s depressing. It’s terribly depressing. But for every one of those stories, there’s a hundred stories about cancer research being improved every day. Honestly, as an uplifting thing, if you’re listening to this and you’re sort of like me and just overwhelmed by the situation and the change and everything, Google AI cancer research and do a Google news search every three or five days, just once a week, look and see what humans are doing to combat that disease with artificial intelligence. And it should counterbalance or give you a perspective that there are good humans trying to use this for good that could affect millions and millions of lives in a positive way. If you’re a network engineer and your network has tens of thousands of users, thousands of users, millions of dollars, supports critical applications, it’s a similar opportunity for you to make that even better, make that even faster, make it even more resilient, document it, test it — every one of us human beings now has this new capability.

Chris Brandt • 52:37
And I think we should be exploring it for the good of our species, really.

John Capobianco • 52:43
We are standing at a very important inflection point in the history of humanity. And we can build something that will create almost a utopian society, potentially. I mean, with the advent of physical AI that’s coming in and all these other things, we have the ability to just take the burden off of ourselves, you know, remove ourselves from a scarcity economy, scarcity in general mindset. Or we can concentrate all the power in the hands of a few people and they can choose to make it a war machine. So like we can either — we have the opportunity now to create a heaven for ourselves or a hell for ourselves. And we should all be active in making that choice because it’s an important one right now.

John Capobianco • 53:33
I probably sound very hyperbolic to some people, but from all the conversations I’ve had with AI leading researchers and people leading the charge in AI, it always comes down to the same kind of conversation. It’s like, it can be the greatest thing we’ve ever built or the worst thing we’ve ever built. And we just need to make sure it’s the greatest.

Chris Brandt • 53:54
Very well said. Very inspirational and very optimistic. And I’ve been reading — I like to think of a soft landing. There’s a, I don’t know if it’s Google or IBM put out a paper about soft landing. And that was a good read about how, you know, there were 14,000 humans in the sub-Saharan Desert at our smallest number. And yet we found a way to migrate and found a way to reach billions of us all over Earth.

Chris Brandt • 54:21
You know, we’ve domesticated animals, we’ve got agriculture, we’ve got the Industrial Revolution, and yes, our history is marred with war and destruction and death, but this is maybe an opportunity. It’s not going to change overnight, right? And I don’t even know in our lifetime if we’re going to feel the difference. But technically speaking, right now is the best time to be alive as a human being. And tomorrow is going to be even better. And like using the numbers — mortality rates, infant mortality rates, life expectancy, quality of life, clean water availability — all of these things are better now than in a long arc of history.

Chris Brandt • 55:04
But we don’t feel it. We’re the frog being boiled by it. And of course, our mass media wants our attention. And how do they get attention? If it bleeds, it leads.

Chris Brandt • 55:17
Right, the fear and the uncertainty and the doubt — we’re drawn to that for some reason. And so we feel like the world is a real terrible place right now. But if you look at the numbers, it’s actually a very, very good time to be alive.

John Capobianco • 55:33
Yeah. Well, for some people, I suppose.

Chris Brandt • 55:36
Very well said.

John Capobianco • 55:39
Maybe that’s a little bit of the future’s already here. It’s just distributed unevenly, I guess.

Chris Brandt • 55:44
I say that with a lot of privilege living in Canada and the country I live in and the upbringing I had. Yes, I realize that maybe the people in different parts of the world maybe disagree with my assessment, right?

John Capobianco • 55:56
It has to be the rising tide that lifts all boats, right? Yeah. I’m full of like weird quotes from technology people over the years. But so speaking of inspirational, I wanted you to talk about this VIBOPS forum. This non-judgmental safe place for vibe coders. Tell me all about it.

Chris Brandt • 56:15
I was previously part of several online forums for network engineers with varying focuses. And there was a lot of pushback around any artificial intelligence ideas or code or projects or just sharing ideas about AI. You know, it was met with a lot of — more AI slop. This is slop. More of this AI hype. It really wasn’t well received. And I didn’t want to fight.

Chris Brandt • 56:42
Those aren’t my spaces. They’re shared spaces. And if the majority of the opinion in those spaces is we don’t want to hear about AI, I started to feel like a little bit of a nuisance there bringing up my AI stuff every once in a while. So I thought, what if I make a space — and like moths to a flame, 600 people have already joined? We’ll probably get a thousand people by the end of the month. People who want to learn about AI, sharing news, sharing the models, sharing their code, looking at my code, using my code, giving me their code and giving me pull requests into code. Itential, where I work, has gotten fully behind it.

Chris Brandt • 57:24
And our developers are in there. So there’s a flow AI space for people that directly interface with our developers. There are people from all over the world. A Japanese developer just reached out and they shared some code. And it is exactly like you said, safe and inclusive and open and receptive. No one is judging anyone’s work or dismissing it outright because it’s artificial intelligence related. In fact, it’s the opposite.

Chris Brandt • 57:52
The coolest thing you can find that AI made, get it shared in the Vibe Ops forum, and we all just love it. We all talk about it, and we all try to build our own version of it. It’s become a really thriving community. And I wanted just to, you know, let people know that there are other people out there. It’s just like any other hobby, right? Like some people are into model trains.

Chris Brandt • 58:14
I’m into artificial intelligence. It just happens to be something that really excites me. And I get to build things and learn things. And I’m trying to find other people that may be hobbyists, and there’s nothing wrong with being a hobbyist, but enthusiasts, you know, enthusiastic about it, right?

John Capobianco • 58:32
One of the great promises of AI is the fact that non-coders can actually produce high-quality code now. And the thing that’s interesting about that is because they may not be coders, but they may be domain experts. And all of a sudden, areas that had no ability to automate or apply code to digitize — now the people who understand the problem domain can actually do it themselves through natural language. And I think that to me has such an acceleration factor to it that that’s going to be really interesting to watch, too.

Chris Brandt • 59:11
It’s a new superpower. And like you said, that domain-specific knowledge, there are network engineers, once it clicks, once they see this as an opportunity and not a threat, they say things like, well, what if I could build a dashboard and visualize X, Y, and Z from the network? A lot of network engineers gravitate towards thinking all the tools that I pay for and all the tools I’ve used in my life are missing this piece of information I’d like to see on the screen. And now they can vibe code it themselves and describe the UI, the look and feel, the font, the color, the input, the output. Do they want meters?

Chris Brandt • 59:53
Do they want pie charts? What do they want their dashboard to look like? And apply their domain-specific knowledge of networking. And now suddenly they’re building front-end UIs for their networks. Something unheard of without taking a college night course, three years of studying, reading books, right? And I’m not saying that those things are not still valuable. I’m just saying that you said accelerate — within days, they can have a front end versus learning the trade of programming for three to five years to make that dashboard, right?

John Capobianco • 1:00:28
I have something written down here that I just want to throw out there too, because I think it matters. And it sort of talks about where we are today. And it’s: is vibe coding just coding now? Because when I talk to companies, it’s like all our developers are just vibe coding. They haven’t written a line of code since last year, you know?

Chris Brandt • 1:00:46
I love that. I’m glad you brought that up because I’ve had that conversation many times over the past few weeks. Like, do you really need to distinguish it anymore? Do you need to even say the vibe part of coding? It’s just another IDE at this point. It’s so neat, though, how the theme and the idea has now been symbiotically joined into the way humans deal with things. Like this AI agent, everyone understands what it means to vibe code.

Chris Brandt • 1:01:15
And now it’s become so predominant and so useful.

John Capobianco • 1:01:20
It’s not just janky companies that are doing it. I mean, like big, big companies are using it extensively now.

Chris Brandt • 1:01:28
And the coders that I know, like serious developers, they’ve done it their whole lives — they would tell you not to write the code anymore. Don’t write the code, write the specifications. That you use to feed an AI to write the code. Read the code, yes. Improve the code, refactor the code, but don’t write code. That’s what software people are telling other people. Don’t write the code anymore.

Chris Brandt • 1:01:53
I would say, similarly, in the network world, don’t write the configs anymore. Writing configs is a solved problem now. You’re doing it wrong if you are writing it by hand. You’re just introducing human problems into it. We’ve moved past that. That’s a solved issue.

Chris Brandt • 1:02:10
Use your skills more strategically and in leadership and design and architecture and security, start applying that innovation, right? There are so many more useful things than signing into a router to shut an interface. Like that is — why can’t we just have an agent do that under the given circumstances?

John Capobianco • 1:02:37
And why can’t you just say, hey, go shut down interface one on router, you know, blah, blah, blah. Right. Yeah. Where do people find the Vibe Ops forum?

Chris Brandt • 1:02:46
Yeah, it’s a little tricky because it’s a Slack channel and I’m not paying for the Slack channel right now as of yet. We may be upgrading. But if you go to my LinkedIn or my Twitter or just reach out to me directly on either of those platforms. And anyone inspired by this, anyone who wants to get started, anyone who wants to have any follow-up questions, if you were inspired by this, if any of this was new to you and you want to learn more, honestly, feel free to reach out. I answer every correspondence and I take my role in the community pretty seriously.

John Capobianco • 1:03:28
That’s awesome. Well, you know, another good place for forums is Discord. I don’t know if you’ve investigated that angle, but that may be a little easier than even the Slack, although Slack has a lot of nice advantages to that too. But awesome, man. Thank you so much for being on. I can’t wait to talk again, and thanks a thousand times over.