Davlet Cloudgeni

Your AI can accelerate infrastructure, just like it can destroy it. We spent a year figuring out the architecture that makes the difference. Sandboxing, credentials, change control, policy guardrails, observability — all open-sourced. 13 chapters. ⭐ github.com/Cloudgeni-ai/i…

Agent runtimes today are built for one developer. OpenClaw, pi, Claude Code — single user, single workspace, one set of credentials. Orgs need a different shape: multi-tenant, scoped credentials per task, audit per user, workflows shared across teams. Welcome OpenGeni - blog.cloudgeni.ai/introducing-op…

Almost 500 watched my talk yesterday at @iac_conf on building AI agents for infrastructure. Where unveiled opengeni.ai - a fully open-source platform with the best ideas from Cloudgeni that you can adapt to your own stack. Built for teams that want best-in-class tech with proper guardrails.

Terraform 1.15 dropped yesterday. No big changes, which is probably why it will be overlooked by most. So I thought to write about a few things about it that still might be worth upgrading for. @davletd/terraform-1-15-the-small-print-is-where-it-gets-interesting-ae118e7088aa" target="_blank" rel="nofollow noopener">medium.com/@davletd/terra…

Presenting at #IaCConf 2026 🎉 Hands-on workshop: build infrastructure agents that won't leak credentials or nuke your prod environment. The "is AI useful?" debate is over — it's all about deploying it safely now. Everything open source: github.com/Cloudgeni-ai/i… Also have an OSS announcement dropping soon 👀 Register: iacconf.com/iacconf-2026

Wrote a full guide on every way to do this import. From the tool that's been archived since March (don't use it) to what we built and why it actually finishes. blog.cloudgeni.ai/the-definitive…

The reasons to stay on ClickOps are disappearing fast. Cost — gone. Time — gone. What's left: the audit gaps, the security drift, the VNet nobody understands because the person who built it left two years ago. Those don't go away on their own.

AI isn't fixing all of engineering. But you can build tight, focused tools around concrete problems with concrete outcomes. Import this mess. Generate code that actually matches what's running. Run until there's no diff. That's the whole thing.

2 years ago: $200k, 12 months, a consulting team. Last year: $15k, 3 months. Today: $79/mo, one engineer, one weekend. Moving legacy cloud to IaC used to be a project. Now it's a Tuesday.

When your customers start to meme about you, that's when you know you made an impact 😀

300+ likes, 42 comments and 22 reposts. Because it is simple and it works. The agentic capabilities that most knowledge workers take for granted? Infra teams couldn't touch them — until now. Run Claude or Codex in fully agentic mode, with the rich context of your entire infrastructure, executing in sandboxed cloud containers. From anywhere.

AI is crumbling the old moats. The new edge? Talent that can use new tools to write new rules. Proud to have that on our team 💪 Jørgen and friends just finished 4th at the Norwegian AI Championship — 0.1 from 3rd, 0.2 from 2nd. An absolute photo finish. Congrats @jorgensandhaug and team 🚀

@Lockhead Nice breakdown. If someone’s turning that into practice: pick 1 tiny stack (e.g., VPC+EKS+IRSA), codify it end-to-end, add CI linting (fmt/validate/tflint), then add drift detection + policy checks The habits matter more than the tool choice.

digestible, actionable content: ✅ Cloud architecture fundamentals ✅ Container orchestration with Kubernetes ✅ Infrastructure as Code practices ✅ DevOps automation workflows ✅ Real-world implementation strategies The best part? Everything is explained clearly, without (2/3)

Remember when cloud computing felt overwhelming? The terminology, the platforms, the endless configuration options... it can be intimidating. That's exactly why channels like @lockheadcloud exist. 💡 This YouTube resource breaks down complex cloud concepts into 🧵

@NickCiambrone @RandallKanna Big +1, we start with bounded automations: first enrichment (logs/metrics/context) and second remediations behind feature flags (restart, scale, rollout undo). Full ‘auto-fix’ needs strong perms + rollback

@RandallKanna Exactly. The most valuable skill is devops automation with ai agents. If you can build agents that monitor problems with code / infrastructure and respond accordingly, you’ll save a lot of IT folks from having to wake up to fix issues- and make a lot of money.

The highest performing engineers of the next decade won’t write more code. They’ll design systems where AI writes the code. The AI-First Engineer

@techbadger_ 100%. Most “agent disasters” are just missing permission models. Agents with root access are just chaos

There's an interesting dynamic happening in the AI/DevOps space: We're building guardrails AFTER the disasters instead of before them. Claude Code nuked a production database. Terraform destroying shared state files. Agents with admin access doing whatever they want etc The pattern is always the same: tools that feel frictionless until they're catastrophic. Now we're scrambling to add manual approval gates, policy-as-code engines, and hard boundaries that probably should have existed from day one. The speed has been intoxicating. The recovery process is sobering. Maybe the real lesson isn't "don't use agents" - it's that we need to stop treating production infrastructure like a playground for automation experiments. DevOps principles did not vanish away because we have a new AI wave !!! Even humans don't get direct prod access at most companies. Why did we think giving it to a language model was a good idea?

@RamuChelloju Terraform apply is the easy part 🙂 The stuff that saves you later is all the guardrails and checks around :)

Terraform in simple terms: Instead of clicking 100 buttons in the cloud console… Write it once in code Run terraform apply Let automation do the rest. Infrastructure as Code for the win. #DevOps #Terraform #aws

@nyike This. MCP servers are basically infra products. I’d add: per-tool scopes (authz), request signing/replay protection, deterministic dry-run endpoints, and contract tests + deprecation windows. Also a kill switch, because eventually… you’ll need it.

Treat MCP servers as products, not plumbing. That means lifecycle versioning, non& #8209;breaking schema evolution, sandbox vs prod endpoints, and SLOs for latency and reliability. #AI #DevOps #MCP infoworld.com/article/412461…

@WirelessLife +1. Treat agents like untrusted code: isolated runner, no long-lived creds, OIDC-per-job, least privilege, and don’t pipe secrets through env like it’s 2011. Bonus: log every tool call so audit isn’t “trust me bro”.

If your AI agent can access secrets, your CI/CD pipeline is already vulnerable. GitHub’s Agentic Workflows assume agents are untrusted. Smart architecture > blind trust. Read: github.blog/ai-and-ml/gene… #DevOps #AIEngineering

@heyyritik_ Agents aren’t overhyped, they’re overscoped. If it’s read-only by default + scoped creds + policy checks + “plan then human approve”, it’s useful. If it can freestyle apply in prod… that’s not an agent, that’s a liability generator.

AI agents are overhyped in 2026 great for simple tasks, but for real DevOps pipelines? Still need humans who understand chaos. Change my mind. (Cursor/Claude gang incoming in replies lol)

An AI agent just wiped a production database. Full VPC, RDS, ECS cluster — gone. 2.5 years of data. Each step the agent took made logical sense. That's exactly the problem. This is the story we know about. How many go unreported? We built a guide for this: github.com/Cloudgeni-ai/i… Full incident: alexeyondata.substack.com/p/how-i-droppe…

@diabhey is building ArchByte to make your agents smarter and access data they need. Check it out. We specifically describe these approaches in data plane chapter. Cool to see new services solving these problems in practice!