Upwork Eliminates IaC Security Debt and Reclaims up to 200 Engineering Hours in a Month with Gomboc

In the first 30 days, Upwork, the world’s human and AI-powered work marketplace, used Gomboc to: 

Save 125–200 engineering hours on security remediation 

Automatically fix misconfigurations across 250+ Terraform repositories 

Cut remediation time per repo from an hour to under 20 minutes 

Standardize enforcement across 336 Terraform codebases 

No backlog, no burnout. Deterministic, policy-aligned security fixes completed automatically. 

The Challenges

Upwork’s infrastructure teams managed hundreds of Terraform repositories powering their global platform. Security scans surfaced IaC issues, but fixing them drained engineering time. Each fix required engineers to: 

  • Interpret complex scanner findings
  • Write and validate Terraform patches manually 
  • Handle PR reviews and coordinate merges

At scale, this slowed releases, built up security debt, and made consistent enforcement nearly impossible. 

The Solution 

Gomboc introduced deterministic AI-powered remediation directly into Upwork’s workflow. Instead of manual interpretation, Gomboc produced correct, merge-ready Terraform fixes automatically aligned with internal policies. 

The platform standardized fixes across all repositories, enforced policies during pull requests, and blocked noncompliant changes before merge. Security work shifted from tickets to the natural development flow. 

Automated fixes included

Customer Speak 

Gomboc eliminated weeks of manual remediation across our Terraform repositories. Instead of reviewing alerts, our engineers reviewed fixes that Gombac recommended. That shift saved significant time while improving consistency and security.”

- Shawn Chakravarty,
Sr. Director of Active Defense at Upwork and SANS Certified Instructor

The Bottom Line

Gomboc turned IaC security from a drag on delivery into a continuous, automated advantage. Instead of just finding issues, Upwork removed the effort of fixing them and achieved measurable ROI through deterministic AI. 

About Gomboc.AI

Gomboc.AI is a leader in Automated Cloud Security Assessment (ACSA) and the only platform delivering 100% accurate, deterministic fixes. Built for DevOps and platform teams, Gomboc turns cloud and IaC findings into safe, merge-ready remediations that scale without slowing delivery.