
Daily Archives: September 10, 2024


Securing AI-Assisted Cloud Engineering: Guardrails For Copilot-Generated IaC And CI/CD Changes To Prevent Vulnerability Injection

Authors: Sunil Anasuri, Komal Manohar Tekale

Abstract: The rapid adoption of AI coding assistants in cloud engineering has greatly increased the generation of Infrastructure-as-Code (IaC) and CI/CD pipelines. Nevertheless, AI-generated configurations can readily introduce security misconfigurations, insecure defaults, and policy violations that propagate directly into production cloud environments. Such risks are especially acute for organizations in regulated and high-assurance industries, where misconfigured resources can cause data breaches, privilege escalation, and regulatory violations. Conventional security review procedures are too slow and manual to keep pace with AI-assisted development, which has created a pressing need for automated, preventive security mechanisms. This paper proposes the AI Guardrailed Cloud Engineering Framework (AGCEF), a proactive security model that imposes guardrails on AI-generated IaC and CI/CD artifacts prior to deployment. AGCEF combines policy-as-code checking, vulnerability signature matching, LLM-based semantic intent checking, and a quantitative risk scoring system to identify and block insecure configurations at design time. Experimental analysis shows that AGCEF performs significantly better than current AI-based vulnerability detection methods: it offers higher vulnerability prevention, fewer false negatives, less manual review, and safer deployments. The framework allows organizations to use AI copilots to enhance productivity while maintaining high levels of cloud security and compliance, restoring the balance between the speed of AI-assisted development and AI-assisted operations in the cloud.

DOI: https://doi.org/10.5281/zenodo.18594687
