Infrabase scans code and organizational context to surface security gaps, cost spikes, and policy breaks before they ever hit your cloud. It allows you to define rules in natural language to manage your cloud account.
Policy-as-code is one of those things that everyone knows should be done, but in practice is rarely implemented.
We believe this is caused by the combination of the following 2 factors:
- Tools OPA [1] and cloud custodian [2] are cumbersome to set up, so writing even a single policy/ setting it up in your organisation takes a lot of effort.
- Each policy project needs to start from scratch because policies aren't re-usable
Infrabase checks your infra with an LLM instead of policies directly (currently a combination of gemini-2.5-pro-preview-05-06 and o4-mini). You can write your own policies as natural language [3] prompts to customize behaviour.
Should you use this at a fortune 500 company? Absolutely not, not yet at least.
Should you use this if your organisation has zero policies right now and your devops team is burnt out because of manual support? Yes. This MAY help your team.
Infrabase is still early: non-determinism and latency are open problems. But for most teams, “some guard-rails today” beats “perfect rego never”, and llm's are only getting better.
if this keeps me from ever touching OPA again, I’ll be the first in line.
A friend of mine manages DevOps at a small fintech startup and complains constantly about how manual their cloud compliance is. I think this could be a great shortcut for him, definitely sharing it.
