§1 · Premise
AI-generated Terraform is faster to write than to read
Infrastructure you cannot read is infrastructure you do not control.
AI-generated Terraform is faster to write than it is to read — and that asymmetry is the whole danger. Every accepted suggestion you did not fully reason through widens the Comprehension Gap: the distance between what is deployed and what your team actually understands. The gap is invisible until an incident escalates and nobody in the room can say what is running or why. Terraform makes it unusually cheap to ignore, because syntactically valid HCL passes `fmt` and `validate`, plans clean, and applies real infrastructure with silent insecure defaults baked in.
The triad is the discipline that keeps the gap closed. The Apprentice:Mentor lens keeps your mental model of the infrastructure intact; the Defense lens treats every generated resource as your own liability before `apply`; the Offense lens hunts the drift — literal and cognitive — before it fails loudly at 2 a.m. You install them in a fixed order, because the order is load-bearing.
§2 · Falsification bet
The bet we are willing to lose
The trust layer of this workshop is not a testimonial — it is a falsifiable claim with a horizon and a check. If it fails, bring the plan output that proves it.
Position: The triad closes the Comprehension Gap, not just adds gates
Horizon: Two quarters from install
Checkable: Cold plan-reading, insecure-default rate to prod, and captured reasons for autonomous changes, measured
If a team installs all three lenses over its Terraform practice — a withholding config on its IaC assistant, a blast-radius gate and policy-as-code before every `apply`, a drift ritual that reads decision records — and after two quarters its engineers are no better at reading a plan cold, its generated modules still ship insecure defaults to production, and not one autonomous infrastructure change carries a captured reason, then the triad added ceremony to IaC and I was wrong. Bring the plan output that proves it.
Status: OPEN · CHECKABLE
§3 · The three lenses
Three lenses, installed in a fixed order
In Terraform each lens has a native instrument: `terraform plan` is predict-and-trace, drift is the Offense lens made literal, state is the secret-exposure surface, and the registry is the supply chain. You install them in sequence because the order is load-bearing.
- 01 Apprentice: Predict the plan before you run it; keep your mental model of the infrastructure intact. Operates on: your own comprehension of what is deployed; the deskilling effect of accepting generated HCL unread.
- 02 Defense: Your generated HCL is your infrastructure. The model is a component, not a vendor you can blame after the breach. Operates on: insecure-but-valid defaults, secret-in-state, slopsquatted modules — every resource you are about to `apply`.
- 03 Offense: Drift you cannot explain — in state or in understanding — is debt you cannot price. Operates on: your rituals and pipelines; surfacing real and cognitive drift; governing autonomous infrastructure agents.
Load-bearing rule: Apprentice:Mentor → Defense → Offense, never reversed. Install Defense and Offense before your mental model of the infrastructure is intact and you harden pipelines and write policy against systems you cannot read — policy theater enforced on generated code nobody understands. Install the how of reading infrastructure before the what you defend and the where you hunt drift. If time is short, modules are shortened, not resequenced.
§4 · Who gets what
Where the value lands by archetype
One core program, but its center of gravity shifts with where you operate in the IaC lifecycle. Pick your stance to see the emphasis and the recommended tier.
- Builder: L3
- Architect: Principal
- Orchestrator: EM / Director
- Strategist: CISO / CTO / VP
- Supporter: L1–L2
§5 · Curriculum
Three modules, then the capstone
Each module is one lens: an objective, the core move, a build exercise you do paper-first, and a checkpoint that names the failure mode. Predict-and-trace is `terraform plan` — predict the diff by hand, run it, trace the divergence.
Objective: Install the plan-before-apply reflex and a withholding configuration that defaults your IaC assistant to coaching, so the Comprehension Gap never opens.
Core move: Configure the assistant to refuse finished HCL for anything load-bearing and instead ask the senior questions — which resources, what dependency graph, what lands in state, what blast radius, which existing resources it touches. Predict the plan by hand, then run `plan` and trace the diff. Oracle mode is a typed, deliberate exception for boilerplate, never the security group or the state migration.
Exercise: Read a supplied ~15-resource plan cold (including a `-/+ replace` on a stateful resource), naming the dangerous change and the dependency order. Then write your withholding config: the four senior questions, a forbidden highest-blast-radius resource list, the oracle escape phrase, and per-session security re-statement.
Checkpoint: If you could not identify the dangerous change in the cold plan, that is the diagnostic succeeding — it is the read your assistant has been doing for you. If your config has no forbidden-resource list, it is decoration.
Objective: Install the gate that proves AI-generated Terraform safe before `apply`, scored against a fixed taxonomy. The model is a component of your infrastructure, not a vendor you can blame after the breach.
Core move: The Moffatt standard in IaC: when a generated security group opens `0.0.0.0/0` or a storage account ships `public_network_access_enabled = true`, the exposure is yours. The dangerous output is the insecure-but-valid default that passes `fmt`, passes `validate`, plans clean, and slips past a quick skim. Run the defense stack — static scan, policy-as-code, pinning + lockfile, reviewed-plan-artifact — before every apply.
Exercise: Harden one generated Azure module (storage account, NSG, VM) through the gate: which of the five failure modes are present, the insecure-but-valid defaults found, any unverified module `source`, the sensitive value landing in state and its ephemeral fix, and the three resources whose blast radius you least understand.
Checkpoint: If your validation source for a module `source` is “it looked like a real namespace,” you have no gate. If you found zero insecure defaults in a generated module, scan it — you most likely missed the one that passes `validate`.
Objective: Arm your IaC rituals so each carries one move that surfaces drift — the gap between code and reality, and the gap between code and understanding — and design the gate that governs autonomous infrastructure agents.
Core move: Terraform's native drift is the gap between state and live infrastructure; the Offense lens adds cognitive drift and the borrowed velocity of modules nobody could rewrite. The autonomous-remediation trap: an agent heals drift by realigning live state to the repo and rolls back a deliberate emergency patch fifteen minutes later — protecting the infrastructure from its own engineers. The fix is the decision record: the agent reads open ODRs before it heals and emits an AgODR for each heal.
Exercise: Arm one IaC ritual with a single offensive move and test it (surfaces drift specifically? gameable? adds a meeting or modifies one?). Then design the autonomous-agent remediation gate: what it reads before healing, the AgODR fields it emits, and the blast-radius tiers for autonomous vs. human-approved action.
Checkpoint: If your remediation gate has no “read open ODRs first” step, you have built the agent that rolls back the emergency patch. If it blocks a human on every heal, your on-call will rubber-stamp — tier it by blast radius.
Brief: Design the 60-day install of all three lenses over a real (or supplied) Terraform estate, then defend it before a panel in the CTRL ALT PRESS voice.
Scenario: A regulated enterprise runs `azurerm` Terraform across dev/stage/prod. Review time per generated module is under a minute. A generated NSG recently shipped a permissive rule to prod that passed `validate`. An autonomous drift-remediation agent is in pilot. Leadership is debating OpenTofu. 60 days, no new headcount, you may not stop the team using AI.
Must contain
- The IaC withholding config (Apprentice) and the predict-the-plan drill, with the resource classes it forbids generating.
- The defense stack (Defense): scanner, policy-as-code rules, pinning + lockfile, reviewed-plan-artifact pipeline, and the blast-radius PR gate.
- The offensive rituals (Offense) and the autonomous-agent remediation gate that reads ODRs and emits AgODRs.
- The Terraform-vs-OpenTofu recommendation, decided on operational grounds — not preference.
- The 60-day behavioral markers, with “the AI wrote it” banned as an incident explanation.
Pass line: Pass ≥ 18/30; distinction ≥ 24 with no dimension below 3.
You will leave able to
- Read a `terraform plan` diff cold and predict it before running it, and configure an IaC assistant to withhold HCL and coach instead.
- Name the five ways LLM-generated Terraform causes real damage, and run a blast-radius review gate against AI-authored modules.
- Build a defense stack — static scan, policy-as-code, lockfile pinning, reviewed-plan-artifact discipline — that catches insecure-but-valid defaults before `apply`.
- Arm an IaC ritual with one offensive move, and design a drift-remediation gate that an autonomous agent must clear and that reads human ODRs before it heals.
- Defend the whole install against an adversarial panel, and decide the Terraform-vs-OpenTofu question on operational grounds rather than vibes.
§6 · Failure taxonomy
The five ways generated Terraform causes real damage
A working taxonomy to score against, synthesized from current IaC-security practice. The insecure-but-valid default and the slopsquatted module are the two that pass `validate` and a quick skim.
| Failure mode | Counter |
|---|---|
| Identity churn — a regenerated module renames or re-indexes resources, and the next plan wants to destroy-and-recreate live infrastructure. | `moved` blocks for deliberate refactors; predict the plan to catch unwanted replacements. |
| Secret exposure — secrets leaking through state, logs, defaults, or artifacts. | Ephemeral resources/values for run-time credentials; never secrets in `variables`/`.tfvars`; treat state as a secret. |
| Blast radius — oversized stacks, weak boundaries, unsafe production applies. | State and module boundaries that bound failure; the blast-radius review gate. |
| CI drift — version mismatches, unreviewed applies, missing plan artifacts. | Pin runtime and providers, commit `.terraform.lock.hcl`, apply only the reviewed plan artifact. |
| Compliance gate gaps — missing policies, approvals, audit controls. | Policy-as-code (OPA/Conftest or Sentinel) on every path to apply. |
§7 · Evidence floor
The research this stands on
No testimonials, no countdown timers. Claims carry provenance; vendor and unverified figures are labeled.
- 01 AI-generated Terraform is faster to write than to read; insecure-but-valid defaults evade static analysis and skim review.
- 02 Over 40% of AI-generated code carries security flaws even from current models; architectural drift evades static analysis.
- 03 Models invent plausible module sources and provider names (“slopsquatting”) at an estimated 5–20% rate.
- 04 The five LLM-Terraform failure modes: identity churn, secret exposure, blast radius, CI drift, compliance-gate gaps.
- 05 No partition between an LLM's output and the organization that deploys it; the chatbot is not a separate legal entity.
- 06 Ephemeral resources/values, declarative `removed`/`import` blocks, and the native `terraform test` framework are current language features.
- 07 OpenTofu is production-ready in 2026 and the default for many new no-contract projects; the choice is itself an operational decision.
§8 · Enroll
Choose your delivery tier
Three modalities, same curriculum. Efficacy rises with the live BUILD/BREAK drills on real applies — the in-person intensive runs against instructor-seeded breakage and a rollback agent.
| Modality | Format | Efficacy | Positioning |
|---|---|---|---|
| Self-paced | 8 modules, plan-read drills, template pack | Lowest here — no live BUILD/BREAK on real applies | Entry tier; justified by the template pack and lifetime updates |
| Virtual cohort | 8 weekly live sessions, paper-first graph/plan drills, async capstone | High — accountability + witnessed cold reads | Premium; the cap preserves drill integrity |
| In-person intensive | 2 days, live applies against instructor-seeded breakage and a rollback agent | Maximum — the practice is embodied | Top tier; pairs with the ODR workshop's agent-governance audit |
A domain installment of The Triad of Prompt Lenses; pairs with the agent-governance audit from ODR & AgODR.