Pulumi’s AI Agent Tackles Infrastructure Compliance Backlogs


Organizations struggling with massive backlogs of infrastructure policy violations can now look to Pulumi for relief, as the company today announced that its Neo AI platform engineer can automatically identify and fix compliance issues across cloud infrastructure at scale.

According to Craig Symonds, vice president of Pulumi Insights, the new offering addresses a key pain point for platform teams: While security and governance tools excel at detecting policy violations, remediating them has remained a manual, time-consuming process. For companies pursuing frameworks like HITRUST or FedRAMP, those backlogs can exceed 100,000 violations.

“Platform teams tell us they can’t keep pace with the volume of policy violations their tools identify,” said Joe Duffy, CEO and co-founder of Pulumi, in a statement. “Detection is necessary but not sufficient. Neo addresses the remediation gap by understanding policy violations in context, generating appropriate Infrastructure as Code [IaC] fixes, and applying them automatically when teams choose.”

From Detection to Remediation

Pulumi’s approach tackles what IDC analyst Jim Mercer calls a critical shift in infrastructure governance.

“The infrastructure governance challenge has shifted from discovery to remediation at scale,” Mercer said in a statement. “Organizations are drowning in policy violation backlogs that grow faster than teams can manually address them.”

The new capabilities extend Pulumi’s Policy as Code framework beyond prevention into active remediation. While the platform already blocked noncompliant infrastructure from being deployed, it now scans existing infrastructure, identifies violations and uses AI to generate fixes, Symonds told The New Stack in a briefing.

Neo analyzes policy violations in context, generates appropriate IaC changes, and can either apply them automatically with configurable guardrails or route them through approval workflows for human review. The AI agent also has built-in safeguards — it cannot make changes that violate organizational policies, as those guardrails are baked into Pulumi’s IaC engine itself.

Real-World Impact

Symonds said one customer facing 30,000 HITRUST compliance violations — work they estimated would take over a year to remediate manually — has already resolved about 20% of those issues in just a few weeks using Neo’s bulk remediation capabilities.

Michael Hunter, CEO at Spear AI, highlighted the broader compliance benefits. “We gave our auditors access to our policy packs because it’s far easier to understand and prove controls in code than in docs and diagrams,” Hunter said in a statement. “With Pulumi’s Policy as Code approach, that manual review process has gone away. We’ve reduced our ATO [Authority to Operate] timeline from a year and a half to expecting approval in three months.”

Audit, Remediate, Prevent

The enhanced platform follows a three-stage workflow:

  • Audit: Pulumi scans infrastructure across any cloud provider — including resources not yet managed through Pulumi — and identifies policy violations against pre-built compliance frameworks, including CIS, NIST, PCI DSS, HITRUST, ISO 27001 and SOC 2.
  • Remediate: Teams can delegate violations to Neo in bulk. The AI agent generates pull requests with the necessary IaC changes. For resources not yet under IaC control, Neo first imports them into code, then remediates the violations.
  • Prevent: Once clean, teams apply the same policies at deployment time, integrating them into CI/CD pipelines to block noncompliant changes before they reach production.

Developer-Centric Security

Pulumi’s strategy differs from traditional security operations tools by embedding compliance directly into developer workflows, Symonds said. Rather than requiring engineers to context-switch into separate security tools, policy violations appear in the same IaC platform they use daily.

“Developers love doing things the right way initially, if they’re given the information,” he noted. “They hate having to go back three months to work they did three months ago, bring it back up and figure out how to fix security issues they should have fixed then.”

This shift-left approach aims to bridge the gap between security teams that identify violations and engineering teams that must fix them — a friction point that has spawned billions of dollars in security tooling investment, Symonds said.

Availability

The policy capabilities are available to all Pulumi Cloud customers, including Team, Enterprise and Business Critical tiers. Audit scanning and AI-powered remediation through Neo are included for Enterprise and Business Critical customers.
