International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 12 Issue: 12 | Dec 2025
p-ISSN: 2395-0072
www.irjet.net
Detecting and Remediating Cloud Infrastructure Misconfigurations Using Large Language Models on Infrastructure-as-Code
Veer Sanghvi1, Krrish Limbachia2, Sujal Shah3
1B.Tech, Department of Cybersecurity with Hons. in Blockchain, Shah and Anchor Kutchi Engineering College, Mumbai, India
2B.Tech, Department of Cybersecurity with Hons. in Blockchain, Shah and Anchor Kutchi Engineering College, Mumbai, India
3B.Tech, Department of Cybersecurity, Shah and Anchor Kutchi Engineering College, Mumbai, India
---***---
Abstract: Infrastructure-as-Code (IaC) has transformed cloud resource management, offering unprecedented speed and consistency. However, this has also introduced a major security challenge: cloud infrastructure misconfigurations, a leading cause of data breaches. Current rule-based static analysis tools struggle with the complexity of modern cloud architectures, leading to high false-positive rates and a lack of operational context.
This paper proposes a novel, two-stage framework leveraging Large Language Models (LLMs) to overcome these limitations. The first stage uses a code embedding and classifier model for highly accurate misconfiguration detection in Terraform code, significantly reducing false positives compared to traditional tools. The second stage employs a fine-tuned generative LLM to automatically produce syntactically correct and secure code remediations. Our experimental evaluation, using a custom dataset of vulnerable and fixed IaC snippets, shows that the proposed detection model outperforms established baselines like tfsec and Checkov. Furthermore, the remediation model effectively generates high-quality fixes, marking a significant step towards self-healing cloud infrastructure. This research demonstrates the potential of LLMs to move beyond simple detection and provide intelligent, context-aware, and automated security for modern cloud environments.
Key Words: Cloud Security, Infrastructure-as-Code, Large Language Models, Misconfiguration Detection, Automated Remediation, Static Analysis, Terraform, DevOps Security.
1. INTRODUCTION
1.1 The Rise of Infrastructure-as-Code
Cloud computing has revolutionized how organizations build and manage IT infrastructure. A key enabler of this change is Infrastructure-as-Code (IaC), which involves defining and provisioning infrastructure through machine-readable files instead of manual setup. IaC is fundamental to modern DevOps, allowing teams to deliver applications and their supporting infrastructure with unprecedented speed, reliability, and scalability. By treating infrastructure configurations as source code, organizations can apply software development best practices like version control, automated testing, and continuous integration/deployment (CI/CD), resulting in greater consistency and reduced operational overhead. The declarative nature of IaC tools like Terraform is particularly effective: developers specify the desired infrastructure state, and the tool then determines and executes the necessary steps, abstracting away procedural complexities.
1.2 The Security Challenge of IaC Misconfigurations
While Infrastructure-as-Code (IaC) offers substantial benefits, its declarative abstraction introduces new security risks. This abstraction can hide the serious security implications of minor configuration changes, making it a common source of human error. As a result, cloud infrastructure misconfigurations have become a primary cause of cyber-attacks. Industry analysis consistently shows that misconfigurations are behind most cloud data breaches, with some reports blaming customer error for up to 99% of cloud security failures. These errors include overly permissive firewall rules leading to unrestricted network access, public exposure of sensitive data in storage buckets, hardcoded credentials, and excessive user permissions. Such vulnerabilities can lead to severe consequences, including significant financial losses, regulatory fines (like those seen in the Capital One data breach caused by a misconfigured web application firewall), and irreversible reputational damage.
1.3 Limitations of Current Static Analysis Tools
To counter the threat of cloud infrastructure misconfigurations, the industry primarily uses Static Application Security Testing (SAST) tools, such as tfsec and Checkov, which are specifically designed for Infrastructure-as-Code (IaC). These tools function by parsing IaC files and applying a predefined set of rules to identify potential misconfigurations.
However, this rule-based approach has inherent limitations, despite its value in enforcing baseline security.
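As an added illustration (not code from the paper, tfsec, or Checkov), the sketch below applies two hypothetical rules to a constructed Terraform snippet, using regex and naive brace matching in place of a real HCL parser. It flags the SSH bastion and the intentionally public HTTPS load balancer identically, which is the kind of context-free finding the abstract attributes to rule-based tools.

```python
import re

# Constructed Terraform input (not from the paper's dataset).
SAMPLE_TF = '''
resource "aws_security_group" "bastion" {
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_security_group" "public_alb" {
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_s3_bucket_acl" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}
'''
# Hypothetical rule IDs: (id, resource type, pattern searched in the block body).
RULES = [
    ("DEMO-001", "aws_security_group", re.compile(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"')),
    ("DEMO-002", "aws_s3_bucket_acl", re.compile(r'acl\s*=\s*"public-read(-write)?"')),
]
BLOCK_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')

def resource_blocks(text):
    """Yield (type, name, body) per resource block, using naive brace matching."""
    for m in BLOCK_RE.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def scan(text):
    """Apply every rule to each resource of its type; return sorted findings."""
    return sorted(
        (rule_id, f"{rtype}.{name}")
        for rtype, name, body in resource_blocks(text)
        for rule_id, target, pattern in RULES
        if rtype == target and pattern.search(body)
    )
```

Calling `scan(SAMPLE_TF)` returns one finding per matching resource; the rule has no way to tell which open ingress is deliberate.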