Published April 30, 2026 | Version CC-BY-NC-ND 4.0
Journal article Open

Advancing Infrastructure-as-Code Resilience through Generative AI Agents for Predictive Remediation and Autonomous Security Enforcement

Authors/Creators

  • 1. Department of IT, IT Induct Inc, Charlotte (NC), United States of America (USA).

Contributors

Contact person:

  • 1. Department of IT, IT Induct Inc, Charlotte (NC), United States of America (USA).
  • 2. Department of IT, Spectrum, Denver (Colorado), Vanuatu.
  • 3. Department of IT, JPMorgan Chase, Jersey (New Jersey), United States of America (USA).
  • 4. Department of IT, Franklin Info Tech, Rochester (NY), United States of America (USA).
  • 5. Independent Researcher, Department of IT, Hyderabad (Telangana), India.

Description

Abstract: "Infrastructure as Code" (IaC) is the accepted approach to provision cloud infrastructure declaratively. Still, misconfigurations in IaC remain the primary cause of cloud security incidents, accounting for 67% of all disclosed cloud breaches. However, the current set of countermeasures, such as rule-based static scanners, policy-as-code tools, and manual review gates, is inadequate to prevent such misconfigurations or to address them through autonomous remediation. In this paper, the authors propose a multi-agent generative AI system called GenSecOps, comprising four agents that work together to prevent misconfigurations in IaC. These agents are the IaC Understanding Agent (IUA), which uses the IaC artefact to create a semantic resource graph; the Risk Prediction Agent (RPA), which uses a hybrid model of the Transformer and Graph Neural Networks to create risk mappings; the Generative Remediation Agent (GRA), which uses the risk mappings to create corrected policy-compliant IaC templates; and the Autonomous Enforcement Orchestrator (AEO). Experiments on a corpus of 48,000 IaC templates (Terraform, CloudFormation, Kubernetes) show that GenSecOps achieves a misconfiguration detection F1 score of 0.934, a 73.2% reduction in critical findings overrule based baselines, an 81.5% improvement in mean-time-to remediate (MTTR), and drift-recovery latency below 4.2 minutes. These results demonstrate that generative AI agents provide a viable, deployable foundation for self-healing, autonomously secured cloud-native infrastructure.

Files

D475615040426.pdf

Files (718.9 kB)

Name Size Download all
md5:55509c5f58f4d16470dfb4d91cf2fa3c
718.9 kB Preview Download

Additional details

Identifiers

DOI
10.35940/ijeat.D4756.15040326
EISSN
2249-8958

Dates

Accepted
2026-04-15
Manuscript received on 21 March 2026 | First Revised Manuscript received on 24 March 2026 | Second Revised Manuscript received on 06 April 2026 | Manuscript Accepted on 15 April 2026 | Manuscript published on 30 April 2026

References

  • OpenAI: GPT-4 Technical Report. arXiv preprint arXiv:2303.08774, 2023. https://arxiv.org/abs/2303.08774
  • Anthropic: The Claude 3 Model Family: Opus, Sonnet, Haiku. Technical Report, 2024. https://www.anthropic.com/research/claude-3-model-card
  • Joon Sung Park, Joseph C. O'Brien, Carrie Jun Cai, Meredith Ringel Morris, Percy Liang, Michael S. Bernstein: Generative Agents: Interactive Simulacra of Human Behaviour. In: Proceedings of the 36th Annual ACM Symposium on User Interface Software and Technology (UIST), pp. 1–22, 2023. DOI: https://doi.org/10.1145/3586183.3606763
  • Akond Rahman, Chris Parnin, Laurie Williams: The Seven Sins: Security Smells in Infrastructure as Code Scripts. In: Proceedings of the 41st International Conference on Software Engineering (ICSE), pp. 164–175, 2019. DOI: https://doi.org/10.1109/ICSE.2019.00028
  • Indika Kumara, Dario Di Nucci, Damian A. Tamburri, Willem-Jan van den Heuvel: Yet Another Cybersecurity Research Study: Security Smells in Infrastructure as Code Scripts. In: Proceedings of the 18th International Conference on Mining Software Repositories (MSR), pp. 548–552, 2021. DOI: https://doi.org/10.1109/MSR52588.2021.00068
  • Christophe Ponsard, Abderrahman Touzani, Julien Grandclaudon: A Method for Automated Analysis of Privilege Escalation in Cloud IAM Configurations. In: Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES), pp. 1–9, 2022. DOI: https://doi.org/10.1145/3538969.3544413
  • Zheng Li, Yue Chen, Hao Wang, Wei Liu, Yi Zhang: A Systematic Literature Review of Security for Infrastructure as Code. IEEE Transactions on Reliability 72(3), 1112–1131, 2023. DOI: https://doi.org/10.1109/TR.2023.3265044
  • Mark Chen et al.: Evaluating Large Language Models Trained on Code. arXiv preprint arXiv:2107.03374, 2021. https://arxiv.org/abs/2107.03374
  • Daniel Fried, Armen Aghajanyan, Jessy Lin, Sida Wang, Eric Wallace, Freda Shi, Ruiqi Zhong, Wen-tau Yih, Luke Zettlemoyer, Mike Lewis: InCoder: A Generative Model for Code Infilling and Synthesis. In: Proceedings of the International Conference on Learning Representations (ICLR), 2023. https://arxiv.org/abs/2204.05999
  • Hammond Pearce, Baleegh Ahmad, Benjamin Tan, Brendan Dolan Gavitt, Ramesh Karri: Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions. In: IEEE Symposium on Security and Privacy (SP), pp. 754–768, 2022. DOI: https://doi.org/10.1109/SP46214.2022.9833571
  • Mohammed Latif Siddiq, Joanna C. S. Santos: SecurityEval Dataset: Mining Vulnerability Examples to Evaluate Machine Learning-Based Code Generation Techniques. In: Proceedings of the 1st International Workshop on Mining Software Repositories Applications for Privacy and Security (MSR4P&S), pp. 29–33, 2022. DOI: https://doi.org/10.1145/3549035.3561184
  • Gelei Deng, Yi Liu, Victor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu, Martin Pinzger, Stefan Rass: PentestGPT: An LLM-Empowered Automatic Penetration Testing Tool. arXiv preprint arXiv:2308.06782, 2023. https://arxiv.org/abs/2308.06782
  • Haonan Li, Yu Hao, Yizhuo Zhai, Zhiyun Qian: Enhancing Static Analysis for Practical Bug Detection: An LLM-Integrated Approach. In: Proceedings of the ACM on Programming Languages (OOPSLA), 2024. DOI: https://doi.org/10.1145/3649828
  • Thomas N. Kipf, Max Welling: Semi-Supervised Classification with Graph Convolutional Networks. In: International Conference on Learning Representations (ICLR), 2017. https://arxiv.org/abs/1609.02907
  • Petar Velickovic, Guillem Cucurull, Arantxa Casanova, Adriana Romero, Pietro Lio, Yoshua Bengio: Graph Attention Networks. In: International Conference on Learning Representations (ICLR), 2018. https://arxiv.org/abs/1710.10903
  • Yaqin Zhou, Shangqing Liu, Jingkai Siow, Xiaoning Du, Yang Liu: Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks. In: Advances in Neural Information Processing Systems (NeurIPS), pp. 10197–10207, 2019. https://arxiv.org/abs/1909.03496
  • Xiao Cheng, Haoyu Wang, Jiayi Hua, Guoai Xu, Yulei Sui: DeepWukong: Statistically Detecting Software Vulnerabilities Using Deep Graph Neural Networks. ACM Transactions on Software Engineering and Methodology 30(3), 1–33, 2021. DOI: https://doi.org/10.1145/3436877
  • Tsung-Yi Lin, Priya Goyal, Ross Girshick, Kaiming He, Piotr Dollár: Focal Loss for Dense Object Detection. In: Proceedings of the IEEE International Conference on Computer Vision (ICCV), pp. 2980–2988, 2017. DOI: https://doi.org/10.1109/ICCV.2017.324
  • Diederik P. Kingma, Max Welling: An Introduction to Variational Autoencoders. Foundations and Trends in Machine Learning 12(4), 307–392, 2019. DOI: https://doi.org/10.1561/2200000056
  • Ilya Loshchilov, Frank Hutter: Decoupled Weight Decay Regularisation. In: International Conference on Learning Representations (ICLR), 2019. https://arxiv.org/abs/1711.05101
  • Edward J. Hu, Yelong Shen, Phillip Wallis, Zeyuan Allen-Zhu, Yuanzhi Li, Shean Wang, Lu Wang, Weizhu Chen: LoRA: Low-Rank Adaptation of Large Language Models. In: International Conference on Learning Representations (ICLR), 2022. https://arxiv.org/abs/2106.09685
  • Baptiste Rozière, Jonas Gehring, Fabian Gloeckle, Sten Sootla, Itai Gat, Xiaoqing Ellen Tan, Yossi Adi, Jingyu Liu, Romain Sauvestre, Tal Remez, Jérémy Rapin, Artyom Kozhevnikov, Ivan Evtimov, Joanna Bitton, Manish Bhatt, Cristian Canton Ferrer, Aaron Grattafiori, Wenhan Xiong, Alexandre Défossez, Jade Copet, Faisal Azhar, Hugo Touvron, Louis Martin, Nicolas Usunier, Thomas Scialom, Gabriel Synnaeve: Code Llama: Open Foundation Models for Code. arXiv preprint arXiv:2308.12950, 2023. https://arxiv.org/abs/2308.12950
  • Alon Jacovi, Ana Marasović, Tim Miller, Yoav Goldberg: Formalising Trust in Artificial Intelligence: Prerequisites, Causes and Goals of Human Trust in AI. In: Proceedings of the ACM Conference on Fairness, Accountability, and Transparency (FAccT), pp. 624–635, 2021. DOI: https://doi.org/10.1145/3442188.3445923