Faster, but Dumber: The Cost of AI-Generated IaC

There's a strange duality to AI-generated IaC: it feels effortless, yet somehow riskier than starting from scratch. You ask for a module, get a plausible-looking output, and for a second, it feels like cheating—in a good way. Until it breaks. Or worse, until it almost works.

Terraform and Ansible generated by GPT often looks right. It uses the right resources, roughly the right arguments, and the structure feels familiar. But context is missing. IAM policies are often overly permissive. Modules are stitched together with no thought to state management. Networking assumptions are laughably naive. It's infrastructure Mad Libs.

AI can mimic structure, but it doesn't understand systems thinking, yet. It doesn't know why we isolate stateful services. It doesn't model tradeoffs. So instead of reusable patterns, you get something that looks modular but breaks when reused. You get templates with no tests, scaffolding with no validation, and variables that don't map to reality.

You can craft the world's most precise prompt, and AI will still misfire if the foundation is wrong. It might rely on outdated provider versions. It might use deprecated flags. I've seen it include community modules that haven't been maintained in three years. The prompt wasn't bad—the model just isn't reading the release notes.

Early on, I ran a quick experiment. I asked GPT to take a single AWS Terraform resource and build a reusable module from it. Nothing fancy—just a competence check. The result was... underwhelming. It was barely more useful than the example in the Terraform docs. Worse, it didn't even work—GPT kept inserting parameters the resource didn't support. I repeated the test with different resources, and the pattern held. It wasn't malicious. Just ignorant. That was the moment I realized: I'd need a better approach. AI wasn't going to replace the registry, and it wasn't ready to generate production-grade modules on its own.

The danger isn't that AI gets things wrong—it's that it gets them convincingly wrong. Copy-paste is easy. Validation is hard. And when IaC fails, it fails at deployment time, not commit time. You don't just break tests—you break systems. And if you don't fully understand the failure, you risk institutionalizing fragility.

Don't Ban It. Fence It.

AI doesn't need to be locked out of your tooling stack—it just needs a role. And that role isn't "lead architect." Used well, GPT can be a sharp junior partner. In my day-to-day work, I build infrastructure wrappers—stacks that abstract the base modules, span environments and accounts, and plug into CI/CD from source. It's complex, repetitive, and easy to lose flow. Here, GPT shines. It's like pair programming with a bot that never gets tired. It helps me scaffold pipelines, catch missing glue, and push through the mechanical bits faster than going solo.

But even then, I'm in control. I'm editing, validating, adjusting. That's the key. GPT accelerates output, but it doesn't own the output. I do.