AI Remediation
Get ready-to-deploy Terraform and CloudFormation code for every security finding.
How It Works
1. Select a finding
Click any finding in the Findings dashboard and select 'Get Remediation'.
2. AI generates the fix
We send the finding type, the affected resource type and region, and the severity to Azure OpenAI. The model generates IaC code to fix the specific issue.
3. Review and apply
Copy the Terraform or CloudFormation code, review it in your editor, and apply it to your infrastructure.
IaC Formats Supported
Terraform (HCL)
Full resource blocks using the latest AWS provider syntax. Includes required providers, resource definitions, and variable references.
AWS CloudFormation (YAML)
Ready-to-deploy CloudFormation templates. Can be applied directly or integrated into your existing stacks.
AI Interpretation
In addition to fix code, we generate a plain-English interpretation of every finding:
- What it means: A clear explanation of the finding without security jargon
- Why it matters: The business and technical risk if left unfixed
- Blast radius: Which other resources or users could be affected
- Effort estimate: Low / Medium / High effort to remediate
Example
For the finding "S3 bucket allows public read access", the AI generates:
# Terraform fix
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
Privacy — What We Send to AI
We send only the following to Azure OpenAI:
- Finding type and description (e.g. "S3 bucket public access")
- Affected resource type and region (e.g. "aws_s3_bucket, us-east-1")
- Severity level
We do not send account IDs, resource names, personal data, S3 contents, or any sensitive credentials.
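An added illustration of the data-minimization rule above (not the product's own code): an allowlist that forwards only the listed fields and scrubs account IDs, ARNs, access key IDs and resource names from the free-text description. The field names, the shape of the finding dictionary and the placeholder tokens are assumptions made for this example.

```python
import re

# Fields the page lists as sent to the model; anything else is dropped.
# (Key names are assumed for this example.)
ALLOWED_FIELDS = ("finding_type", "description", "resource_type", "region", "severity")

# Identifiers that must not leave the tenant, even inside free text.
ARN_RE = re.compile(r"arn:aws[a-z-]*:[^\s\"'()<>,]+")
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
ACCOUNT_ID_RE = re.compile(r"\b\d{12}\b")


def scrub_text(text, resource_name=None):
    """Replace ARNs, access key IDs, account IDs and the resource name."""
    text = ARN_RE.sub("[arn]", text)  # ARNs first: they embed account IDs
    text = ACCESS_KEY_RE.sub("[access-key-id]", text)
    text = ACCOUNT_ID_RE.sub("[account-id]", text)
    if resource_name:
        text = text.replace(resource_name, "[resource-name]")
    return text


def build_ai_payload(finding):
    """Return only allowlisted fields, with the description scrubbed."""
    payload = {}
    for key in ALLOWED_FIELDS:
        if key not in finding:
            continue
        value = str(finding[key])
        if key == "description":
            value = scrub_text(value, finding.get("resource_name"))
        payload[key] = value
    return payload


# Constructed sample finding (not real data).
SAMPLE_FINDING = {
    "finding_type": "S3 bucket public access",
    "description": "Bucket acme-payroll-exports (arn:aws:s3:::acme-payroll-exports) "
                   "in account 123456789012 allows public read access",
    "resource_type": "aws_s3_bucket",
    "region": "us-east-1",
    "severity": "HIGH",
    "account_id": "123456789012",
    "resource_name": "acme-payroll-exports",
}

if __name__ == "__main__":
    print(build_ai_payload(SAMPLE_FINDING))
```

An allowlist fails closed: a field added to the finding schema later is not forwarded until someone adds it to ALLOWED_FIELDS.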
Availability
AI remediation and interpretation are available on Pro and Assessment plans. The Free tier includes posture score and top 10 findings without AI features.