AI Writes Infrastructure Code in Seconds, but Who's in Control?

Karify98 & Amy

Speed Without Control Is Reckless

Open ChatGPT or Claude, type "create a Terraform module for an EKS cluster with 3 node groups, auto-scaling, IRSA, and an existing VPC." In 30 seconds, you have a 200-line .tf file, ready to apply.

Sounds like progress. And it is. But there's a serious problem being overlooked: code generation speed has skyrocketed, but our ability to understand and govern it hasn't kept up.

IaC Before and After AI

Before AI, Infrastructure as Code carried an implicit assumption: the person writing it understood what it would do. The typical workflow looked like:

  • Read Terraform/CloudFormation/CDK documentation
  • Write code manually, test in a sandbox
  • Code review by the team
  • Deploy through a pipeline with policy checks

This process was slow, but everyone in the pipeline had context: they understood dependencies, constraints, and failure modes.

When AI gets involved, everything changes. Code is generated rather than authored. You don't need to know syntax to get a 200-line Terraform file. The technical barrier drops to nearly zero.

This is a double-edged sword.

The Problem Isn't AI Making Mistakes, It's Humans Not Keeping Up

AI can produce runnable code. But infrastructure code differs from application code in one crucial way: the consequences of mistakes.

Deploy broken app code → roll back, lose a few minutes. Apply broken Terraform → drop the production database, lose real data.

What's concerning isn't that AI "makes errors." It's that AI enables changes to be made faster than organizations can safely govern them. According to DevOps.com's analysis (May 2026), this gap is widening across most organizations.

Three Critical Gaps

1. Loss of Implicit Context

When engineers write code manually, they build implicit understanding of:

  • Dependencies between resources
  • Security and compliance constraints
  • How the system fails and recovers

When AI generates code, this layer of understanding is no longer guaranteed. You can have a system that's created correctly, but no one truly understands it.

2. Bypassed Pipelines

AI makes cutting corners too easy. Instead of going through review → validate → deploy, the tendency is:

  • Open AI chat
  • Get the code
  • Copy-paste into a console or run locally

The traditional code-review model assumed "writing code is the hard part." Now that part is nearly free, but the review part still requires humans, and it can't keep up.

3. The "Valid Code = Safe" Illusion

Valid Terraform syntax ≠ safe infrastructure. A syntactically correct EKS cluster can still:

  • Expose its API server to the public internet
  • Lack encryption at rest
  • Have no network policies
  • Use instance types mismatched to the workload

AI doesn't know your organization's business context, security policies, or budget constraints.

Is Platform Engineering the Answer?

A promising approach is emerging: instead of banning AI, embed AI within platforms that have built-in policy checks.

Docker recently launched Docker AI Governance (May 2026). It provides centralized control over AI agent execution, network access, and credential usage. Gordon, Docker's new AI agent, can suggest changes, but doesn't auto-apply without approval.

This is the right model: AI accelerates code writing, platforms ensure control.

There's a counter-argument worth noting: AI itself is improving at review. Tools like CodeRabbit and Amazon Q can now auto-check policies and security. This is valid: AI-powered review is advancing fast. But for infrastructure, where one wrong line can wipe an entire database, having a human as the final gatekeeper remains a necessary safeguard.

Some principles to apply immediately:

  • Automated IaC testing: Use terraform plan + policy as code (OPA, Sentinel) in CI/CD before merging
  • Mandatory review: AI-generated code must go through human review, no exceptions
  • Sandbox before production: All infrastructure changes must be tested in staging
  • Audit trail: Log who generated the code, who reviewed it, and who approved it, so the change is traceable when incidents happen
  • No auto-apply: Never let an AI agent run terraform apply against production automatically
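As an added example (not from the original post), here is the kind of plan-time policy check the "Valid Code = Safe" section and the first principle above call for, written in Python rather than OPA/Sentinel: it reads the JSON produced by terraform show -json tfplan and denies an aws_eks_cluster whose API endpoint is open to the whole internet or that has no encryption of Kubernetes secrets. The plan below is constructed for the example; the attribute names are Terraform's real aws_eks_cluster arguments.

```python
"""Policy-as-code gate over `terraform show -json tfplan` output."""
import json

# Constructed sample plan (not a real run): one EKS cluster whose API endpoint
# is public to 0.0.0.0/0 and that has no encryption_config block.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "aws_eks_cluster.main",
        "type": "aws_eks_cluster",
        "change": {
            "actions": ["create"],
            "after": {
                "name": "demo",
                "vpc_config": [{
                    "endpoint_public_access": True,
                    "endpoint_private_access": False,
                    "public_access_cidrs": ["0.0.0.0/0"],
                }],
                "encryption_config": [],
            },
        },
    }],
})


def check_eks_cluster(address, after):
    """Return policy violations for one planned aws_eks_cluster's 'after' state."""
    findings = []
    # vpc_config is a block, so it appears as a one-element list in plan JSON.
    vpc = (after.get("vpc_config") or [{}])[0]
    # Terraform defaults: endpoint_public_access=true, public_access_cidrs=["0.0.0.0/0"].
    public = vpc.get("endpoint_public_access", True)
    cidrs = vpc.get("public_access_cidrs") or ["0.0.0.0/0"]
    if public and "0.0.0.0/0" in cidrs:
        findings.append(f"{address}: API server endpoint reachable from the whole internet")
    if not after.get("encryption_config"):
        findings.append(f"{address}: Kubernetes secrets not encrypted with a KMS key")
    return findings


def evaluate_plan(plan_json):
    """Walk every resource change in the plan and collect denials."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if rc["type"] != "aws_eks_cluster" or actions in (["delete"], ["no-op"]):
            continue  # only resources being created or updated are evaluated
        findings.extend(check_eks_cluster(rc["address"], rc["change"]["after"]))
    return findings


if __name__ == "__main__":
    for finding in evaluate_plan(SAMPLE_PLAN):
        print("DENY", finding)
```

In a pipeline the script would exit non-zero when evaluate_plan returns anything, so the merge is blocked before a human ever reads the diff.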

My Take

I use AI daily to write Terraform and CloudFormation. It saves hours of hunting for syntax and boilerplate. But I follow one rule: never apply code I don't understand line by line.

AI is an accelerator, not the responsible party. When production goes down at 3 AM, the person getting called isn't ChatGPT; it's you.

The gap between speed and control will only widen. Platform engineering, policy as code, and a serious review culture are the only ways to avoid running too fast and falling hard.
