AI‑written infra needs guardrails

As teams let AI generate infrastructure‑as‑code, security leaders warn of hidden misconfigurations and privilege escalation — strict human‑in‑the‑loop controls are being recommended for classified deployments. The guidance is to treat AI‑produced manifests as untrusted inputs until reviewed. (thenewstack.io)

Spacelift announced “Spacelift Intelligence” on March 18, 2026, packaging an AI Infrastructure Assistant and a natural‑language deployment model called Intent into the orchestration platform. (spacelift.io) Intent interprets plain‑English requests, plans changes, and executes resource provisioning inside Spacelift’s control plane while preserving the platform’s policy checks and approval flows. (spacelift.io) Marcin Wyszynski, Spacelift co‑founder and OpenTofu co‑founder, warned on March 20, 2026 that AI‑generated IaC creates a “comprehension gap” where operators can’t reliably understand generated manifests and that bad infrastructure changes can destroy production databases. (thenewstack.io) Spacelift’s security documentation lists FedRAMP authorization and SOC 2 Type II certification and describes private worker pools and an open‑source worker image to support on‑prem or air‑gapped deployments for sensitive workloads. (spacelift.io) The company previously shipped AI tooling—Saturnhead AI for DevOps troubleshooting in April 2025 and an earlier open‑source Intent/agentic provisioning announcement in October 2025—marking a staged expansion from AI assistance to direct provisioning. (thenewstack.io) Spacelift’s product messaging emphasizes retained state tracking, immutable audit trails, policy‑as‑code enforcement, SSO via SAML/OIDC, MFA, and encryption in transit and at rest as controls that run during natural‑language deployments. (spacelift.io)
