Ordinary Experts

AI Agents in Your DevOps Workflow: What Actually Works

After a year of operating AI agents in DevOps workflows, we have a clearer picture of where they earn their keep and where they create more risk than value. Here's what's actually worked.

A year ago we wrote about Bedrock Agents in production: what was working, what wasn’t, what operational disciplines were needed. Since then we’ve spent a lot of time helping clients put AI agents specifically into DevOps workflows.

This post is a more focused update: where AI agents in DevOps actually earn their keep, where they don’t, and the operational patterns that make the difference.

Where they’re working

Five places we’ve consistently seen AI agents add value in DevOps workflows:

1. Pull request review and IaC validation

Already covered in our Q Developer in CodePipeline post and now widely adopted on our client engagements. Catches obvious mistakes, frees humans to focus on architectural review, and the cost is bounded.

2. Incident triage and runbook execution

Agents that take an alert, gather context (CloudWatch logs, recent deploys, related metrics), and produce a structured summary for the on-call engineer. The agent isn’t taking action; it’s reducing the time the human spends gathering context.

The teams using this well report meaningful reductions in mean time to resolution, especially for second- and third-tier escalations where context-gathering is the bottleneck.

3. Cost anomaly investigation

Cost Explorer flags an unusual spike. An agent investigates: which service, which account, which workload, what changed in the last week. Produces a summary with a hypothesis. Human confirms and remediates.

This pattern works because the data is structured and the action is bounded. Low risk, high leverage.

4. Infrastructure documentation generation

Agents that generate and maintain architecture documentation from CloudFormation, Terraform, or CDK source. This used to be a chore that nobody did consistently; now it’s a thing that runs nightly and stays current.

5. CHANGELOG and release-note drafting

A small one, but consistently popular. Pull a list of merged PRs, ask an agent to categorize and summarize, produce draft release notes. Saves the engineer fifteen minutes per release.

Where they’re creating risk faster than value

Three patterns we’ve grown more cautious about:

Auto-remediation of production issues

The temptation: an agent detects a problem, makes a change to fix it, alerts a human after the fact. The reality: the agent occasionally takes action based on incomplete information, and the cost of one bad call is much higher than the cost of human-in-the-loop response.

We’ve moved toward “agent recommends, human approves, agent executes” for any production change. The friction is the point.

Open-ended infrastructure modification

Agents given broad permissions to “fix” infrastructure based on natural language requests. Even with good guardrails, the failure modes are too broad. An agent that interprets a request slightly wrong and modifies the wrong stack creates real cleanup work.

We use bounded interfaces: agents that can perform specific, audited operations rather than agents with general access.

Automated dependency updates without human review

Letting an agent merge dependency PRs based on test results. Tests don’t always catch what matters. We’ve seen this go wrong enough times that we now require human review for any dependency change beyond patch versions, even in well-tested codebases.

Operational patterns that matter

A few things we’ve come to insist on:

Tool boundaries. Agents in DevOps workflows should have a small, explicit set of tools they can call. Not “AWS access,” but specific operations. The smaller the tool surface, the more predictable the behavior.

Output review surfaces. Every agent action should produce output a human can review. Not buried in logs, but surfaced in the system the team already uses (Slack, PR comments, runbook outputs).

Cost ceilings. Per-session, per-day, per-team. Cost runaway is the most common operational failure mode.

Eval pipelines. A repeatable test suite of representative inputs that runs against any agent change. Without this you can’t tell if a change improved the system or broke it.

Audit logs of agent actions. When something goes wrong, you need to be able to reconstruct what happened. Tool calls, model versions, prompts, outputs: all logged.

A simple rule of thumb

A useful test for whether an AI agent belongs in a DevOps workflow: if a junior engineer with one week of onboarding could do the same task safely, the agent probably can too. If it requires more judgment than that, the agent probably shouldn’t.

This is a deliberately conservative rule. It will become more permissive as the technology improves. For now, it keeps teams out of the failure modes that matter.

Closing

AI agents in DevOps aren’t magic. They’re a new category of automation with a different operational profile than what came before. Used well, with bounded tools, human review, eval pipelines, and cost ceilings, they’re a real productivity win. Used carelessly, they create new categories of incident.

If you’re trying to figure out where agents fit in your DevOps stack, we’re glad to help.