Pulumi, the infrastructure-as-code platform, announced AI-powered automatic policy remediation through Pulumi Neo, addressing a persistent challenge in infrastructure governance: the backlog of policy violations that platform teams struggle to remediate at scale. Neo analyzes and automatically fixes policy violations with configurable guardrails and approval workflows. Enhanced policy management capabilities, including executive dashboards and org-wide enforcement, are now available across Team, Enterprise, and Business Critical editions.
Platform teams managing multi-cloud infrastructure face a capacity challenge: governance and security tools can identify thousands of policy violations across an organization’s infrastructure, but each violation requires manual engineering work to investigate, fix, test, and deploy. Organizations pursuing frameworks like HITRUST or FedRAMP can face backlogs exceeding 100,000 violations. Existing approaches focus primarily on detection. Policy-as-code frameworks prevent non-compliant infrastructure from being deployed but do not fix violations in existing infrastructure.
“We gave our auditors access to our policy packs because it’s far easier to understand and prove controls in code than in docs and diagrams,” explained Michael Hunter, CEO at Spear AI, a Pulumi customer. “With Pulumi’s Policy as Code approach, that manual review process has gone away. We’ve reduced our ATO timeline from a year and a half to expecting approval in three months.”
Also Read: Codacy Unveils Free AI Risk Tool for Security and Compliance
“Platform teams tell us they can’t keep pace with the volume of policy violations their tools identify,” said Joe Duffy, CEO and Co-founder of Pulumi. “Detection is necessary but not sufficient. Neo addresses the remediation gap by understanding policy violations in context, generating appropriate infrastructure-as-code fixes, and applying them automatically when teams choose, or routing them through approval workflows when human review is required.”
Pulumi’s enhanced policy capabilities work across any infrastructure on any cloud provider, enabling organizations to assess and remediate policy violations without requiring prior migration to Pulumi infrastructure-as-code. The platform includes pre-built compliance frameworks for CIS, NIST, PCI DSS, HITRUST, ISO 27001, and SOC 2, along with policy enforcement at deployment time, audit scanning of existing infrastructure, and Neo’s AI-powered remediation with configurable approval workflows.
“The infrastructure governance challenge has shifted from detection to remediation at scale,” said Jim Mercer, Program Vice President, Software Development, DevOps, and DevSecOps at IDC. “Organizations are drowning in policy violation backlogs that grow faster than teams can manually address them. Pulumi’s integration of AI-powered remediation with policy-as-code represents an opportunity to shift from simply identifying problems to automatically resolving them within established compliance boundaries. This capability could help address the critical bottleneck we’re seeing across enterprises: having visibility without the capacity to act on it.”
Source: Pulumi