Infrastructure as Code in the AI Era: How Terraform, Pulumi

The IaC Landscape Has Never Been More Contested

Infrastructure as Code has evolved from a DevOps best practice to the default operating model for any organization running production cloud workloads. The Firefly State of IaC 2025 report found that Terraform still commands roughly 62% market share among IaC practitioners, but only 47% plan to continue using it long-term. Meanwhile, 59% of teams now deploy infrastructure through CI/CD or GitOps pipelines, up from around 45% the year before. Despite this momentum, just 6% of organizations have reached full cloud codification, where every resource is defined and managed through code.

But 2026 finds the IaC landscape in genuine upheaval. IBM completed its $6.4 billion acquisition of HashiCorp in February 2025, raising questions about Terraform’s open-source future under the Business Source License (BSL) adopted in August 2023. The OpenTofu fork, now a CNCF sandbox project backed by the Linux Foundation, has reached production maturity and passed 10 million GitHub downloads. Pulumi’s programming-language approach and AI-native tooling are winning converts among platform engineering teams.

The newest disruptor is AI itself. GitHub Copilot, Amazon Q Developer, and Pulumi AI can now generate Terraform and Pulumi configurations from natural language prompts. The question is no longer whether to use IaC, but whether AI-generated infrastructure code is reliable enough for production, and what that means for the infrastructure engineering role.

Terraform Under IBM: Stability or Stagnation?

IBM’s acquisition of HashiCorp was the largest infrastructure software deal of 2024. Announced in April 2024 and closed in February 2025 after UK CMA clearance, the rationale was to combine HashiCorp’s infrastructure automation suite (Terraform, Vault, Consul, Nomad) with IBM’s hybrid cloud portfolio anchored by Red Hat OpenShift. In theory, this creates an end-to-end platform for multi-cloud infrastructure management.

In practice, the community response has been anxious. HashiCorp’s August 2023 switch from the Mozilla Public License (MPL 2.0) to the Business Source License had already fractured trust with the open-source community, leading directly to the OpenTofu fork. IBM’s ownership adds a second layer of uncertainty. A ControlMonkey survey found that 45% of DevOps teams are now evaluating IaC alternatives in the wake of the acquisition. IBM’s track record with open-source acquisitions is mixed: Red Hat has maintained its upstream contributions and community governance, but other IBM-acquired projects have seen reduced community investment.

Terraform Cloud and Terraform Enterprise pricing remain a concern. IBM announced global software price increases of 6% in 2025 and up to 10% in 2026, and while those apply to the broader IBM portfolio rather than Terraform specifically, the direction is clear. For multi-cloud shops that use Terraform to manage AWS, Azure, and GCP resources, an IBM-centric commercial model is a poor fit.

OpenTofu, Pulumi, and the Alternatives

OpenTofu, the Linux Foundation-backed fork of Terraform, reached version 1.11 in December 2025, featuring ephemeral resources, write-only attributes, and the enabled meta-argument for cleaner conditional resource creation. The project was accepted as a CNCF sandbox project in April 2025, a governance milestone that signals institutional backing. Adoption is growing: the Firefly State of IaC 2025 report found that 12% of organizations are already using OpenTofu, with 27% planning to adopt it. About 5% of teams have completed full migrations from Terraform, with another 6% planning to make the switch within a year. Spacelift reports that roughly half of deployments on its platform now run OpenTofu, and enterprise adopters like Fidelity have completed large-scale production migrations.

Pulumi takes a fundamentally different approach. Instead of a domain-specific language (HCL for Terraform), Pulumi lets engineers define infrastructure using TypeScript, Python, Go, or C#. This eliminates the learning curve of a new language, enables standard testing frameworks (Jest, pytest), and allows infrastructure definitions to live alongside application code in the same repository and CI/CD pipeline.

Pulumi’s enterprise growth has been strong. The company raised $41 million in Series C funding in October 2023, bringing total funding to $99 million. Revenue more than doubled from $7.6 million in 2023 to $17.3 million in 2024, and more than half of the Fortune 50 now use the platform. In 2025, Pulumi launched Neo, an AI assistant purpose-built for platform engineering, alongside an MCP server integration that connects with GitHub Copilot, Claude Code, and Cursor. For platform engineering teams building internal developer platforms (IDPs), Pulumi’s programming-language model integrates more naturally with application delivery pipelines than HCL-based tools.

AWS CDK (Cloud Development Kit) and Google Cloud’s KRM (Kubernetes Resource Model) offer cloud-specific alternatives, but their single-cloud scope limits appeal for multi-cloud strategies. Crossplane, the Kubernetes-native IaC tool, graduated from the CNCF in November 2025 with version 2.0 introducing support for AI-driven operations. With over 3,000 contributors from more than 450 organizations, Crossplane has carved a real niche among teams deeply committed to the Kubernetes control plane model, though its complexity still limits broader adoption.

AI-Generated Infrastructure Code: Promise and Peril

The most provocative development in IaC is the emergence of AI-assisted code generation. Pulumi AI, launched in 2023 and evolved into Pulumi Neo through 2025, can generate complete Pulumi programs from natural language descriptions. GitHub Copilot, trained on millions of Terraform configurations from public repositories, can autocomplete HCL with striking accuracy, with acceptance rates of 36-40% for Terraform suggestions in recent benchmarks. Amazon Q Developer (which absorbed CodeWhisperer in April 2024) offers infrastructure code suggestions integrated with the AWS console, including purpose-built support for HCL developed in collaboration with HashiCorp.

The productivity gains are real. Pulumi reports that complex provisioning tasks that previously took days, such as setting up a PyTorch training environment on GKE with multiple GPU nodes, can now be completed in minutes with Neo. One enterprise customer used Neo to tackle over 300,000 policy violations, work they estimated would have taken years through manual effort.

But production readiness is another matter. AI-generated infrastructure code frequently contains security misconfigurations: public S3 buckets, overly permissive IAM policies, missing encryption-at-rest settings, and default VPC configurations that violate zero-trust principles. The Cloud Security Alliance found that 62% of AI-generated code solutions contain design flaws or known security vulnerabilities. Veracode’s 2025 GenAI Code Security Report, which tested over 100 large language models, found that AI-generated code introduced risky security flaws in 45% of tests. Apiiro’s research showed AI-generated code was introducing over 10,000 new security findings per month across monitored repositories by mid-2025, a tenfold spike in just six months.

The practical path forward is AI-assisted drafting combined with automated policy enforcement. Tools like Open Policy Agent (OPA), HashiCorp Sentinel, and Checkov can validate AI-generated configurations against security policies before deployment. The human role shifts from writing every line to reviewing, refining, and approving AI-generated infrastructure definitions, a pattern that mirrors how AI is changing application development.

What This Means for Infrastructure Teams in 2026

The IaC market is splitting into two tracks. Track one is the established Terraform/OpenTofu ecosystem, where the primary decision is commercial Terraform versus the open-source fork, and where AI assistance is additive rather than transformative. Track two is the programming-language-native approach (Pulumi, AWS CDK), where AI code generation integrates more naturally and platform engineering teams can leverage existing software development practices.

For organizations starting their IaC journey, the choice is clearer than it was two years ago. Pulumi offers a lower barrier to entry for teams with strong programming backgrounds and a more natural AI-assisted workflow. OpenTofu provides Terraform compatibility without IBM vendor risk. Commercial Terraform remains the safe enterprise choice, but at increasing cost and with decreasing community momentum.

The infrastructure engineer’s role is evolving. Writing HCL or YAML by hand is increasingly a junior task; senior engineers focus on architecture patterns, policy frameworks, blast radius management, and the governance models that make AI-assisted infrastructure safe. Platform engineering, the discipline of building self-service infrastructure platforms for development teams, is absorbing much of what was traditionally called DevOps. Gartner predicts that 80% of large organizations will embrace platform engineering by 2027, up from less than 30% in 2023.

Frequently Asked Questions

Sources & Further Reading

• Firefly State of IaC 2025 Report — Firefly
• IBM Closes $6.4B HashiCorp Acquisition — TechCrunch
• OpenTofu 1.11 Release and CNCF Sandbox Acceptance — OpenTofu
• Pulumi 2025 Product Launches: Neo, Policies, and Platform Engineering — Pulumi Blog
• Understanding Security Risks in AI-Generated Code — Cloud Security Alliance
• Veracode 2025 GenAI Code Security Report — Veracode
• 4x Velocity, 10x Vulnerabilities: AI Coding Assistants Are Shipping More Risks — Apiiro
• Crossplane Graduates from CNCF — CNCF
• Platform Engineering Predictions — Gartner
• HashiCorp Adopts Business Source License — HashiCorp