AI infrastructure incidents hit 93%, Spacelift warns

Spacelift has published research showing that 93% of organisations have experienced AI-caused infrastructure incidents. The survey also found that only 19% have built what the report describes as the governance foundations needed for AI readiness.

The findings are based on a survey of 406 IT decision-makers and platform engineering leaders in North America, conducted by Panterra Group among organisations with 250 or more employees.

The report argues that AI-led software development is moving faster than infrastructure teams can control, creating what it calls an AI readiness gap. According to the research, that gap is driving security misconfigurations, compliance breaches and unplanned incidents.

Some 67% of respondents said development is ahead of infrastructure in AI adoption, while 86% said AI has increased demands on infrastructure teams. That pressure is feeding into operations, with 40% reporting security vulnerabilities appearing faster and the same share saying governance is becoming harder.

Another 37% cited higher change volume, while 35% pointed to increased pipeline strain and a similar share said they were seeing more infrastructure drift.

Governance gap

A central finding is the contrast between confidence and formal controls. The survey found that 86% of infrastructure leaders were confident in their organisation's ability to govern AI, but only 30% said they had a formal AI governance policy in place.

The gap was wider among organisations the report classed as "Exposed". In that group, 70% said they were confident in their governance arrangements, yet only 4% had a formal policy.

By contrast, 71% of organisations in the "Pioneer" category said they actively enforce a formal governance policy. Nearly a quarter of that group said they had no outstanding AI governance concerns because their controls made risks manageable.

The study introduces an AI Maturity Index, which places organisations into four groups based on AI readiness. Some 19% fell into the Pioneer category, 25% were classed as Outpacing, 32% as Fragmented and 24% as Exposed.

The index assesses organisations across five measures: AI integration depth, governance maturity, infrastructure automation maturity, risk exposure and platform readiness.

Infrastructure coding

The research also suggests that AI-generated code is becoming common in infrastructure work as well as software development. It found that 79% of respondents use AI to generate developer code without thorough review, while 78% said the same applies to infrastructure as code and policy as code.

One of the sharper findings concerns production use. A third of infrastructure teams said they would apply AI-generated HCL directly to production without any review, and a further 43% said they would do so with only minimal review.

Pioneer organisations were more likely than Exposed ones to use AI-generated infrastructure code in this way, at 86% versus 69%. The report says the difference is that more mature organisations place such activity inside governed pipelines with automated validation and policy enforcement.

Paweł Hytry, Co-Founder and Chief Executive Officer at Spacelift, said the data shows a widening disconnect between adoption and oversight. "The findings are unambiguous: organizations are using AI to generate infrastructure code at a rate their governance frameworks were never designed to handle," Hytry said.

He linked the issue to a broader problem in how organisations assess risk. "Last year we identified a gap between perceived automation maturity and actual execution. This year, the gap has moved to governance. Teams are confident they're governing AI well, but the incident data tells a very different story," Hytry said.

The report also points to a shortfall in AI-specific measurement. Most organisations continue to track established operational metrics such as productivity, deployment frequency and security incidents, but do not measure indicators tied directly to AI-generated infrastructure changes.

"Only 15% track the volume of AI-generated IaC moving through their pipelines, and just 20% track error rates of AI-generated changes. If organizations are not measuring AI-specific outputs, they are operating in the dark," Hytry said.

Agentic plans

Despite the governance concerns, respondents indicated a strong appetite for broader AI use in infrastructure. The survey found that 89% plan to adopt agentic AI for infrastructure.

John Garrett, Managing Director at Panterra Research, said the organisations that stand out are not simply the ones moving fastest. "Last year, organizations overestimated their automation maturity. This year, they're overestimating their governance readiness," Garrett said.

He said the pattern in the survey favoured firms that put rules in place before scaling AI use. "The organizations that stand out are not the ones using AI the most aggressively. They are the ones that built governance frameworks before AI dramatically increased the speed and complexity of infrastructure demands on platform teams. That's the pattern every infrastructure leader should be studying," Garrett said.