Advancing Infrastructure-as-Code Resilience through Generative AI Agents for Predictive Remediation and Autonomous Security Enforcement
Harish Apuri1, Mukesh Aurangabadkar2, Shikher Goel3, Madhan Mohan Reddy Chinthala4, Charani Yepuri5
1Harish Apuri, Department of IT, IT Induct Inc, Charlotte (NC), United States of America (USA).
2Mukesh Aurangabadkar, Department of IT, Spectrum, Denver (Colorado), Vanuatu.
3Shikher Goel, Department of IT, JPMorgan Chase, Jersey (New Jersey), United States of America (USA).
4Madhan Mohan Reddy Chinthala, Department of IT, Franklin Info Tech, Rochester (NY), United States of America (USA).
5Charani Yepuri, Independent Researcher, Department of IT, Hyderabad (Telangana), India.
Manuscript received on 21 March 2026 | First Revised Manuscript received on 24 March 2026 | Second Revised Manuscript received on 06 April 2026 | Manuscript Accepted on 15 April 2026 | Manuscript published on 30 April 2026 | PP: 7-16 | Volume-15 Issue-4, April 2026 | Retrieval Number: 100.1/ijeat.D475615040426 | DOI: 10.35940/ijeat.D4756.15040326
Open Access | Editorial and Publishing Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: “Infrastructure as Code” (IaC) is the accepted approach to provision cloud infrastructure declaratively. Still, misconfigurations in IaC remain the primary cause of cloud security incidents, accounting for 67% of all disclosed cloud breaches. However, the current set of countermeasures, such as rule-based static scanners, policy-as-code tools, and manual review gates, is inadequate to prevent such misconfigurations or to address them through autonomous remediation. In this paper, the authors propose a multi-agent generative AI system called GenSecOps, comprising four agents that work together to prevent misconfigurations in IaC. These agents are the IaC Understanding Agent (IUA), which uses the IaC artefact to create a semantic resource graph; the Risk Prediction Agent (RPA), which uses a hybrid model of the Transformer and Graph Neural Networks to create risk mappings; the Generative Remediation Agent (GRA), which uses the risk mappings to create corrected policy-compliant IaC templates; and the Autonomous Enforcement Orchestrator (AEO). Experiments on a corpus of 48,000 IaC templates (Terraform, CloudFormation, Kubernetes) show that GenSecOps achieves a misconfiguration detection F1 score of 0.934, a 73.2% reduction in critical findings overrule based baselines, an 81.5% improvement in mean-time-to remediate (MTTR), and drift-recovery latency below 4.2 minutes. These results demonstrate that generative AI agents provide a viable, deployable foundation for self-healing, autonomously secured cloud-native infrastructure.
Keywords: Infrastructure-as-Code, Generative AI Agents, DevSecOps, Cloud Security, Predictive Remediation Policy Synthesis, Autonomous Enforcement, Transformer-GNN, IaC Resilience
Scope of the Article: Computer Science and Engineering