A covert hacker is bluffing their way through a system’s security access zones with stolen or forged credentials, and the occasional subtle exploit to reach the zone which has the permissions they need.
A hacker who’s been noticed, or one who’s brute-forcing a system, is essentially running a race against the system’s active countermeasures. Each security zone provides (tentatively) 2-3 boxes on the ‘cracking’ stress track, and the hacker’s goal is to fill it, while security’s goal is to empty it. The access level of a hacker (compared to their goal access level) at the time their infiltration is discovered determines the number of filled boxes that the track starts with.
This can, of course, have as many different AR sensory representations as there are systems.