Gomboc AI Sees Rapid Adoption as Enterprises Shift from Security Alerts to Deterministic Code Fixes

New updates have been reported about Gomboc AI.

Gomboc AI is reporting accelerating adoption of its AI Code Security Assistant platform across both its free Community Edition and enterprise customers, as security and infrastructure teams move away from alert-centric tools toward automated, code-level remediation. In the last quarter, the Community Edition surpassed more than 1,180 downloads in under a month, with users analyzing over 3,400 Infrastructure-as-Code repositories (primarily Terraform), reviewing 18,000-plus policy findings, and automatically remediating about 8,200 issues. Approximately 72% of detected issues were resolved automatically as merge-ready pull requests, indicating that engineers are increasingly validating Gomboc-generated fixes in code rather than managing security backlogs. CEO and co-founder Ian Amit positioned this as confirmation of the company’s thesis that remediation, not more alerts, is the key constraint for security teams, and that embedding deterministic fixes into developer workflows enables organizations to remediate more risk without additional headcount.

Enterprise usage is showing similar patterns at larger scale, with Gomboc AI citing Upwork as a flagship customer example. Upwork’s infrastructure team used the platform to remediate misconfigurations across more than 250 Terraform repositories in the first month, reclaiming an estimated 125–200 engineering hours per month and cutting remediation time per repository from up to an hour to under 20 minutes, while standardizing security enforcement across 336 Terraform codebases through policy-aligned pull requests. Other enterprises, including C&S Wholesale Grocers, are using Gomboc AI to replace ticket-driven cleanup with automated, policy-enforced remediation directly in Git, reinforcing the view that detection is no longer the bottleneck—manual remediation is. The company is now extending its deterministic fix engine, powered by its new Open Remediation Language, with plans to support more than 35 programming and infrastructure languages and new use cases such as Terraform drift remediation. Management frames this roadmap as critical to securing a future in which AI-generated infrastructure is commonplace, arguing that security must operate at “the speed of code” and that competitive advantage will accrue to teams that move from managing alerts to automatically applying auditable, production-ready fixes at scale.