Most teams will ship AI-written infrastructure code with little review

AI-assisted development has settled into everyday practice across software organizations, and developers using it move from idea to working code in hours. That code does not stay with the developers who prompt it. It flows downstream to the DevOps and platform teams who deploy and maintain it, and those teams are not getting the same speed boost.

A Spacelift survey of 406 IT and platform leaders in North America captures what happens when one side of the pipeline speeds up and the other has to keep up.

Speed on one side, strain on the other

Most organizations say AI has made their developers faster, and most also say it has piled new demands onto their infrastructure teams. The downstream effects are already showing. Security problems are surfacing sooner, governance getting harder, change volume climbing, and pipelines under more strain. Roughly two-thirds of organizations say their developers adopted AI ahead of their infrastructure teams, which is a large part of why the strain lands where it does.

Confidence outruns control

A large majority of infrastructure leaders say they are confident in their organization’s ability to govern AI. A much smaller share have an actual governance policy in place. Many teams believe they have AI under control because the day has not yet gone wrong, and that belief is widest among the organizations with the fewest controls.

The report sorts organizations into four groups by readiness. At one end sit the Exposed, who use AI with little governance to back it up. In the middle are the Fragmented, who use it unevenly, and the Outpacing, who adopt aggressively with governance trailing. At the other end are the Pioneers, who built their governance and automation before AI showed up and can now absorb what it produces.

Review becomes optional

The willingness to ship AI-written code with little scrutiny extends past application code into the infrastructure layer itself. Most teams will apply AI-generated infrastructure code with minimal review or none at all. The distinction the report draws is about where that code runs. Pioneer organizations vibe-code their infrastructure at a high rate too, but they do it inside governed pipelines, so a bad output gets caught before it reaches production. A misconfiguration that slips through is a resource problem in production, with a wider blast radius than a buggy application function.

The incidents are here

The consequences have arrived. Nearly all organizations report at least one AI-caused infrastructure incident in the past year, ranging from rework and security misconfigurations to compliance violations and drift. The split between segments comes down to governance. Almost every Exposed organization has lived through one of these incidents. A meaningful share of Pioneers have had none, because automated validation catches failures that manual review misses at volume.

The agentic step

What worries the leaders surveyed is the next move. Most plan to adopt agentic AI for infrastructure, and a quarter want to do so within six months. Agentic systems make infrastructure decisions on their own, which removes the human checkpoint that currently catches problems. The controls then have to live inside the workflow, because there is no review stage left to lean on. Among early adopters, agentic systems are already causing incidents at a notable rate.

Platform engineering as the answer

The pattern points toward platform engineering as the structural fix. Plenty of organizations are considering the shift. Far fewer have done it, and the ones who have tend to be Pioneers, with Exposed organizations almost nowhere on this. Developers take the governed path when it is the easy path, so the job of a platform team is to make the safe route the fast one. Pioneers also report that this shared tooling improves how engineering, platform, and security teams work together.

Demo: Prophet Agentic AI SOC Platform transforms alert triage and investigation