How Upwork Eliminated IaC Remediation Backlog

Upwork, the world’s human and AI-powered work marketplace, used Gomboc to close cloud security gaps across hundreds of repositories without slowing engineers down.

“Instead of reviewing alerts, our engineers reviewed fixes. That shift saved weeks of manual work while improving consistency and security.”

- Shawn Chakravarty, Sr. Director of Active Defense, Upwork

Featured in the following Gartner® Hype Cycles:

  • •  Site Reliability Engineering

  • •  Cloud Platform Services

  • •  AI in IT Operations

  • •  I&O Automation

  • •  Infrastructure Platforms

  • •  Container Technology

  • •  IT Operations

  • •  Human and Social Services in Gov’t

  • •  Operations & Automation in the Communications Industry

Read the full case study

What Makes Gomboc Different

From Findings to Fixes — Powered by the Right Kind of AI

Gomboc focuses on outcomes: generating correct, merge-ready IaC fixes that engineers can trust. Instead of hallucinated code, it generates deterministic, standards-aligned fixes your team can trust.

Gomboc's fixes are deterministic, standards-aligned, and context-aware. No hallucinated code or guesswork. Over 94% are accepted as-is. Delivered as pull requests in Git workflows, Gomboc enables continuous remediation at scale without adding noise or slowing delivery. 

Automation Flow

Fix Infrastructure Without Breaking Flow

Gomboc executes cloud security remediation directly inside your existing development workflow. When a misconfiguration is identified, Gomboc generates a precise Infrastructure-as-Code fix and delivers it as a pull request ready for review, merge, and deployment. No tickets to chase.No vague recommendations to decipher. Just fixes that ship.

Remediate.

Reclaim.

Repeat.

Gomboc’s deterministic AI delivers the industry’s most accurate fixes, far beyond the basic, single-file solutions. Gomboc analyzes your entire architecture and context to apply precise, project-wide fixes that actually work.

How Gomboc Works

Workflow Visualization

Misconfiguration Identified 

Cloud or IaC issues are detected through existing scanners, policies, or CI/CD checks. Gomboc evaluates the issue against your architecture and security standards.  

Deterministic Fix Generated 

Gomboc automatically creates a standards-aligned IaC fix that's precisely scoped and context-aware.  

Fix Delivered in Code 

Gomboc automatically creates a standards-aligned IaC fix that's precisely scoped and context-aware.  

Review, Merge, Deploy 

Engineers review like any code change. Once merged, it flows through CI/CD, deploys to the cloud, and logs for audit and compliance. 

Why Now?

Misconfigured Cloud Service

The average cost of a cloud data breach is $5.17M. Attackers exploit exposed misconfigurations within hours. Gomboc keeps you ahead of risk by resolving issues before they're breached.

Gomboc ROI

Measurable Impact in

Not Weeks

Measurable

Not Weeks

What Changes When AI Fixes Ship Automatically

Gomboc replaces weeks of manual remediation with deterministic, merge-ready fixes that deliver measurable results from day one.

100% Deterministic,
Standards-Aligned Fixes

Every fix Gomboc generates is accurate and produced the same way every time. No guesswork. No hallucinated code. Just infrastructure changes engineers can trust.

94%+ Fix Acceptance Rate, As-Is

The vast majority of Gomboc’s pull requests are merged without modification, reflecting high confidence in both accuracy and relevance.

$100K Savings per Cloud Workload

Equivalent to the cost of engineering effort avoided per workload.

MTTR Reduced From Months to Minutes

Automated, merge-ready fixes eliminate long remediation cycles and close security gaps as soon as issues are detected.

50+ Engineering Days Saved per Cloud Workload, Annually

Engineers stop researching, rewriting, and revalidating fixes and spend that time shipping instead.

11× Reduction in Misconfiguration-Related Risk

Consistent, standards-aligned remediation reduces exposure and prevents drift without slowing releases or increasing operational overhead.

The Impact in Production

G2 Reviews

Gomboc.AI Reviews

Read G2 Reviews
G2 Reviews

Gomboc.AI Reviews

★★★★☆ 3.8 out of 5 (22 reviews)
Julian L.
Effortless Code Validation with Seamless Vscode Setup
★★★★☆

I like the easy setup and integration of Gomboc.AI in Vscode...

Daniel S.
Effortless Security Scanning with Quick PRs
★★★★☆

I like how Gomboc.AI frees up time for me to do more interesting...

Dan S.
Automated Security Fixes, Slightly Sluggish
★★★⯪☆

I love that Gomboc.AI is automated and doesn't require much...

Agustin W.
Effortless Setup, Robust Security Aid
★★★★⯪

I find that Gomboc.AI makes it a lot easier to identify and remediate security vulnerabilities...

Read G2 Reviews

Stay Ahead of the Curve

Drift Happens: Why Continuous IaC Validation is Non-Negotiable

Alright, let's talk about promises.
Infrastructure as Code (IaC) – Terraform

The Future of DevSecOps Is Deterministic

For years, DevSecOps has aimed to integrate security seamlessly into every phase of the software development lifecycle. Despite major advancements in tooling and cultural practices,

The Comprehensive Guide to Understanding Infrastructure as Code Security

Secure your cloud deployments with this guide to Infrastructure as Code (IaC) security.

Drift Happens: Why Continuous IaC Validation is Non-Negotiable

Alright, let's talk about promises. Infrastructure as Code (IaC) – Terraform

The Future of DevSecOps Is Deterministic

For years, DevSecOps has aimed to integrate security seamlessly into every phase of the software development lifecycle. Despite major advancements in tooling and cultural practices,

The Comprehensive Guide to Understanding Infrastructure as Code Security

Secure your cloud deployments with this guide to Infrastructure as Code (IaC) security.