We read a recent Gartner research note on agentic AI in infrastructure and operations, and one line kept echoing in our head long after we closed the PDF.
We are about to let machines make production changes at machine speed.
That sounds obvious. It also sounds exciting. But if you have spent any real time running infrastructure, it should make you slightly uncomfortable.
There is a big difference between AI that suggests something and AI that does something.
When a copilot suggests a Terraform fix, nothing happens until a human reviews it. There is friction. There is hesitation. There is accountability. That friction is not inefficiency. It is control.
But now we are moving toward agents that plan workflows, trigger actions, write to systems of record, and chain operations across tools. At that point the model is no longer assisting. It is acting. And the system does not care that the model is “usually right.”
This is where the industry conversation feels shallow to us.
Most of what we see focuses on prompts, better reasoning, reducing hallucinations, tuning guardrails at the model layer. That is useful, but it is not where the real risk sits.
The real issue is that AI models are probabilistic systems. Infrastructure is not.
Infrastructure enforces things in binary. A policy either blocks the change or it does not. An admission controller either denies the workload or it allows it. A permission either exists or it does not. There is no “mostly safe” state in production.
If you combine probabilistic decision making with deterministic infrastructure without thinking very carefully about where enforcement lives, you are essentially scaling uncertainty.
And uncertainty at machine speed becomes an outage at machine speed.
What struck me most in the research was the emphasis on containment. Not rollback. Containment.
Rollback is what you do after something breaks. Containment is what prevents it from spreading.
If an AI agent starts making incorrect assumptions and pushing changes across dozens of repositories, the question is not “can we fix it later.” The question is “how quickly can we stop it.”
Can you revoke its privileges instantly?
Can you downgrade its autonomy automatically?
Can you force all actions through a single governed execution path?
Can you reconstruct exactly what happened, in order, with full context?
Most teams we talk to cannot answer those questions with confidence. They have logs. They have monitoring dashboards. They have change management processes written down somewhere. But that is not the same as having deterministic controls in the execution path.
There is another idea that we think is critical: autonomy is not a feature you flip on. It is something you earn.
You do not move from “recommend” to “execute” because the demo looked good. You move there because you have evidence that the system behaves predictably under constraint. You start with low impact tasks. You bound scope. You cap rate. You restrict privilege. And then you watch.
If reliability improves and intervention decreases, maybe you expand. If cost spikes or failure rates creep up, autonomy contracts automatically. That is how grown up systems evolve.
AI in DevOps is not going to fail because the models are stupid. It will fail because teams assume probabilistic systems can be trusted without deterministic enforcement.
They cannot.
If an AI can write to production, the infrastructure must be able to say no. Not politely. Not conditionally. Unequivocally.
This is the lens we have taken at Gomboc. We were never interested in building another suggestion engine. The world has plenty of those. What infrastructure needs is enforcement that is policy bound, auditable, and integrated into the same Git and CI pathways teams already trust.
Infrastructure does not need more guesses. It needs guarantees.
The future of AI in operations is not about who has the best chat interface. It is about who can combine intelligent automation with hard, deterministic control.
Autonomy is powerful. It will absolutely reshape how operations teams work. But if we do not design containment and enforcement first, we are not building intelligent systems. We are building faster ways to break things.
And infrastructure has never been forgiving about that.
