
AI-written infrastructure code is shipping with little review

AIntelligenceHub

A Spacelift survey of 406 IT and platform leaders finds most teams deploy AI-generated infrastructure code with minimal or no review, and nearly every organization has already had an AI-caused infrastructure incident.

AI-assisted development has moved from novelty to default in most software organizations. A Spacelift survey of 406 IT and platform leaders, covered this morning by Help Net Security, finds that most teams are now shipping AI-written infrastructure code with minimal review, and nearly every organization has already lived through at least one AI-caused infrastructure incident in the past year.

Where the speed lands, and where the strain goes

The pattern shows up clearly in the survey. Most organizations say AI has made their developers faster, and most also say it has piled new demands on the infrastructure teams that have to absorb the output. Roughly two thirds of respondents say their developers adopted AI ahead of their infrastructure teams, which is a large part of why the strain lands where it does. Security problems are surfacing sooner, governance is getting harder, change volume is climbing, and pipelines are under more strain than before.

A large majority of infrastructure leaders say they are confident in their organization's ability to govern AI. A much smaller share have an actual governance policy in place. Many teams believe they have AI under control simply because nothing has gone badly wrong yet, and that belief is most common among the organizations with the fewest controls. The result is a confidence gap that is structural, not a measurement error: the teams with the most confidence are the ones with the least visibility, and the teams with the most visibility are the ones most worried.

The downstream blast radius is wider than application code. A misconfigured application might throw a 500. A misconfigured infrastructure module creates a public S3 bucket, an open security group, a database without encryption at rest, a network rule that exposes a private subnet to the internet. The same prompt that produces a working application endpoint in a developer preview can produce a policy violation in production, and the gap between those two outcomes is what the review process exists to close. When that review process does not exist, the misconfiguration ships, and the team that finds out about it is not the team that wrote it.

The four readiness groups in the Spacelift data

The report sorts organizations into four groups by readiness. At one end sit the Exposed, who use AI with little governance to back it up. In the middle are the Fragmented, who use it unevenly across teams and projects, and the Outpacing, who adopt aggressively with governance trailing. At the other end are the Pioneers, who built their governance and automation before AI showed up and can now absorb what it produces.

The willingness to ship AI-written code with little scrutiny extends past application code into the infrastructure layer itself, where most teams apply AI-generated modules with minimal review or none at all. The distinction the report draws is not about whether that code is written, but about what it passes through before it runs. Pioneer organizations vibe-code their infrastructure at a high rate too, but they do it inside governed pipelines, so a bad output is caught before it reaches production instead of becoming a live resource with the wider blast radius described above. Nearly all organizations report at least one AI-caused infrastructure incident in the past year, ranging from rework and security misconfigurations to compliance violations and drift. Almost every Exposed organization has lived through one of these incidents. A meaningful share of Pioneers have had none, because automated validation catches at volume the failures that manual review misses.

The split between the four groups is not about AI usage rate. It is about the order in which governance and adoption arrived. Pioneers built their policy-as-code, drift detection, and review automation before AI showed up, and the new AI-written output flows through the same checks that human-written output has flowed through for years. The Exposed group did the opposite, and the gap between the two is now a chasm. The Fragmented and Outpacing groups sit in between, and they are the ones who will decide whether the next two years bring a convergence toward Pioneer discipline or a drift toward the Exposed group's position.
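One way to make that shared checkpoint concrete, for both the misconfigurations listed earlier (a public S3 bucket, a security group open to the internet, a database without encryption at rest) and the policy-as-code gate this paragraph describes, is a plan-time check over the JSON that `terraform show -json` or `tofu show -json` emits. The script below is an added example written for this page; it is not Spacelift's, Snyk's, or the survey's code. It assumes the `resource_changes[].change.after` layout of Terraform plan JSON and the AWS provider's attribute names, and it runs over a constructed sample plan embedded inline in place of a real one. The `WEB_PORTS` allow-list and the `check_*` function names are choices of the example, not a standard.

```python
"""Plan-time policy gate over `terraform show -json` output (added example).

Assumes Terraform/OpenTofu plan JSON (`resource_changes[].change.after`) and
AWS provider attribute names. The sample plan at the bottom is constructed.
"""
import json
import sys

# Ports a policy tolerates exposing to the whole internet. Assumption for the
# example; a real gate would take this list from the organization's standard.
WEB_PORTS = {80, 443}
ANY_CIDRS = {"0.0.0.0/0", "::/0"}


def _planned(after, key, default=None):
    """Read a planned attribute; `after` is None for resources being deleted."""
    return (after or {}).get(key, default)


def check_s3_public(rc):
    """Public bucket ACLs and incomplete public-access blocks."""
    after = rc["change"]["after"]
    if rc["type"] in ("aws_s3_bucket", "aws_s3_bucket_acl"):
        acl = _planned(after, "acl")
        if acl in ("public-read", "public-read-write"):
            return f"{rc['address']}: public ACL '{acl}'"
    if rc["type"] == "aws_s3_bucket_public_access_block":
        flags = ("block_public_acls", "block_public_policy",
                 "ignore_public_acls", "restrict_public_buckets")
        if not all(_planned(after, k) for k in flags):
            return f"{rc['address']}: public access block not fully enabled"
    return None


def check_sg_open(rc):
    """Ingress from any address on a port that is not an approved web port."""
    if rc["type"] != "aws_security_group":
        return None
    for rule in _planned(rc["change"]["after"], "ingress", []) or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if not cidrs & ANY_CIDRS:
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
        # protocol "-1" means all traffic; otherwise every port in the range must be approved.
        if rule.get("protocol") == "-1" or not set(range(lo, hi + 1)) <= WEB_PORTS:
            return f"{rc['address']}: ingress {lo}-{hi} open to the internet"
    return None


def check_db_encryption(rc):
    """RDS instances must have encryption at rest enabled."""
    if rc["type"] != "aws_db_instance":
        return None
    if not _planned(rc["change"]["after"], "storage_encrypted"):
        return f"{rc['address']}: storage_encrypted is not true"
    return None


CHECKS = (check_s3_public, check_sg_open, check_db_encryption)


def evaluate_plan(plan):
    """Return the list of violations for a parsed plan; an empty list means pass."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc["change"]["actions"] in (["delete"], ["no-op"]):
            continue  # nothing new reaches production from these changes
        for check in CHECKS:
            msg = check(rc)
            if msg:
                findings.append(msg)
    return findings


# Constructed sample plan: one public bucket, one group with SSH open to the
# world next to a legitimate HTTPS rule, one unencrypted database, one deletion.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "module.assets.aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "acme-logs", "acl": "public-read"}}},
        {"address": "aws_security_group.app", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_db_instance.orders", "type": "aws_db_instance",
         "change": {"actions": ["create"], "after": {"engine": "postgres", "storage_encrypted": False}}},
        {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
         "change": {"actions": ["delete"], "after": None}},
    ],
}

if __name__ == "__main__":
    # Usage in a pipeline: terraform show -json tfplan | python plan_policy.py
    plan = SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin)
    problems = evaluate_plan(plan)
    for p in problems:
        print("DENY", p)
    sys.exit(1 if problems else 0)  # a non-zero exit blocks the apply stage
```

Run between `plan` and `apply`, the non-zero exit is the checkpoint: it does not care whether a developer, a coding assistant, or an agent wrote the module, which is the property the article attributes to Pioneer pipelines. The same three checks would flag the sample plan's public ACL, the SSH rule, and the unencrypted database while letting the HTTPS rule through.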

Agentic infrastructure and the disappearing checkpoint

What worries the leaders surveyed is the next move. Most plan to adopt agentic AI for infrastructure, and a quarter want to do so within six months. Agentic systems make infrastructure decisions on their own, which removes the human checkpoint that currently catches problems. The controls then have to live inside the workflow, because there is no review stage left to lean on. Among early adopters, agentic systems are already causing incidents at a notable rate, and the gap between Exposed and Pioneer groups is widening, not narrowing, as more teams push toward autonomy without a parallel investment in policy-as-code and review automation. The same pattern is showing up in adjacent categories. Snyk's recent launch of Evo ADS, a governance layer for AI coding agents, and the broader agent identity and access story from our enterprise AI governance checklist both point to the same conclusion: governance has to ship with the model, not after it.

The structural fix, per the survey, is platform engineering. Plenty of organizations are considering the shift. Far fewer have done it, and the ones who have tend to be Pioneers, with Exposed organizations almost absent on this axis. Developers take the governed path when it is the easy path, so the job of a platform team is to make the safe route the fast one. Pioneers also report that this shared tooling improves how engineering, platform, and security teams work together, which is the cultural return on top of the technical one.

The platform engineering response is not a new tooling category. It is the same Terraform, OpenTofu, and policy-as-code layer the industry has been building for a decade, now applied to AI-written output that arrives at a rate the manual review process was never designed to handle. The Spacelift data, taken with the parallel rise of agentic infrastructure and the gaps it opens, points to a single lesson: AI-written infrastructure code is no longer a developer productivity story. It is an infrastructure review story, and the teams that treat it as one will be the ones left standing when the next AI-caused incident lands. The full survey writeup is in Help Net Security's coverage of the Spacelift report.
