Spacelift Survey: 93% of Organizations Have Experienced AI-Caused Infrastructure Incidents as 'Vibe Coding' Spreads to Infrastructure

Second annual State of Infrastructure Automation report finds only 19% of organizations have built the governance foundations needed for AI readiness, even as 89% plan to adopt agentic AI for infrastructure

REDWOOD CITY, Calif., June 24, 2026 /PRNewswire/ -- Spacelift, the company behind the infrastructure orchestration platform built for the AI-accelerated software era, today released the findings of its 2026 State of Infrastructure Automation report. The second annual survey of 406 IT decision-makers and platform engineering leaders reveals that AI-accelerated development is outpacing infrastructure teams' ability to govern it, creating a widening "AI-infrastructure gap" that is already producing security misconfigurations, compliance violations and unplanned incidents at scale.

The research, conducted by Panterra Group among North American infrastructure decision-makers, introduces the AI Maturity Index (AIMI), which segments organizations into four categories based on their AI readiness:

• Pioneer (19%)
• Outpacing (25%)
• Fragmented (32%)
• Exposed (24%)

The index evaluates behavior across five dimensions:

• AI integration depth
• Governance maturity
• Infrastructure automation maturity
• Risk exposure
• Platform readiness

This year's report finds that most organizations don't yet have the AI governance frameworks required for today's AI-driven infrastructure workflows.

"The findings are unambiguous: organizations are using AI to generate infrastructure code at a rate their governance frameworks were never designed to handle," said Paweł Hytry, co-founder and CEO of Spacelift. "Last year we identified a gap between perceived automation maturity and actual execution. This year, the gap has moved to governance. Teams are confident they're governing AI well, but the incident data tells a very different story."

According to Hytry, the governance gap is compounded by a measurement gap: Most organizations are only tracking pre-AI metrics (team productivity, deployment frequency, security incidents, etc.) while few are also collecting the AI-specific signals that would reveal whether governance is actually working. "Only 15% track the volume of AI-generated IaC moving through their pipelines, and just 20% track error rates of AI-generated changes. If organizations are not measuring AI-specific outputs, they are operating in the dark," added Hytry.

The full report includes five recommendations for closing this gap, from prioritizing IaC coverage to building agentic governance frameworks before the first autonomous workflow goes live.

Key Findings

The AI-Infrastructure Gap Is Already Measurable

Sixty-seven percent (67%) of respondents say development is ahead of infrastructure in AI adoption, and 86% say AI has increased demands on infrastructure teams. The downstream effects are compounding: 40% report security vulnerabilities appearing faster, 40% say governance is getting harder, 37% cite higher change volume, 35% report increased pipeline strain, and 35% see growing infrastructure drift.

A Governance Paradox Is Masking Systemic Risk

86% of infrastructure leaders say they are confident in their organization's ability to govern AI, but only 30% have a formal AI governance policy in place. Among Exposed organizations, the disparity is stark: 70% express confidence in their governance capabilities, yet just 4% have a formal policy. By contrast, 71% of Pioneer organizations actively enforce a formal governance policy, and 24% report having no outstanding AI governance concerns because their controls make the risks manageable.

Vibe Coding Has Penetrated Infrastructure and Policy Layers

The use of AI to generate code without thorough review is nearly identical across developer code (79%), infrastructure as code/HCL (78%), and policy as code (78%). One-third (33%) of infrastructure teams say they would apply AI-generated HCL directly to production without any review, and an additional 43% would do so with only minimal review. Pioneer organizations vibe-code IaC at a higher rate than Exposed ones (86% versus 69%), but they do it inside governed pipelines with automated validation and policy enforcement.

"Last year, organizations overestimated their automation maturity. This year, they're overestimating their governance readiness," said John Garrett, managing director at Panterra Research. "The organizations that stand out are not the ones using AI the most aggressively. They are the ones that built governance frameworks before AI dramatically increased the speed and complexity of infrastructure demands on platform teams. That's the pattern every infrastructure leader should be studying."

Webinar

On July 16, Spacelift will host a webinar to explore the survey findings and their implications. Guest participant Faisal Afzal, CNCF and Platform Engineering ambassador and Principal at AHEAD, will speak on platform engineering's role in closing the compliance gap. Register through this link. 

"Platform engineering teams are the ones best equipped to bring compliance and safety to infrastructure that AI now generates on its own," said Afzal. "The survey shows organizations plunging into agentic AI well ahead of establishing the governance to handle it. The most confident teams often have the least in place. Platform engineering closes that gap before it shows up in production."

Methodology

The 2026 State of Infrastructure Automation report is based on a survey conducted by Panterra Group in April 2026 among 406 IT decision-makers and platform engineering leaders with responsibility for infrastructure decisions. All respondents were based in North America and employed at organizations with 250 or more employees. Respondents were screened for their knowledge of infrastructure as code and their attentiveness to survey questions. The full report, including the AI Maturity Index self-assessment, is available at spacelift.io/infrastructure-automation-survey-2026.

About Spacelift

Spacelift is the infrastructure orchestration platform that manages your entire IaC lifecycle, from provisioning and configuration to governance. It integrates with Terraform, OpenTofu, CloudFormation, Pulumi, and Ansible in a single governed workflow so you deliver secure, compliant infrastructure at scale. Developer self-service, Golden Paths with guardrails, an OPA policy engine, and drift detection accelerate developer velocity while maintaining control. Spacelift Intelligence adds AI-powered provisioning and diagnostics across traditional and AI-driven workflows. See how Duolingo, Figma, Moody's, Checkout.com, 1Password, Redfin, and others trust Spacelift to manage their infrastructure at spacelift.io/customers. Learn more about the Spacelift platform and how it can help you overcome your infrastructure challenges at Spacelift.io. Sign up for a demo, or test the platform yourself with a free trial.

Media Contact:
Cristin Connelly
Cathey Communications for Spacelift
[email protected]

SOURCE Spacelift