AI-Driven DevSecOps Automation: An Intelligent Framework for Continuous Cloud Security and Regulatory Compliance

Notice

This is an unedited manuscript accepted for publication and provided as an Article in Press for early access at the author’s request. The article will undergo copyediting, typesetting, and galley proof review before final publication. Please be aware that errors may be identified during production that could affect the content. All legal disclaimers of the journal apply.

Year : 2026 | Volume : 13 | 01 | Page :
    By

    Roshan Kakarla,

  • Sai Bharat Sannareddy,

  1. Research Scholar, Department of Information Technology, Independent Researcher, Address: 5276 George Ct, Apt D, Gurnee, IL 60031, Gurnee, United States
  2. Research Scholar, Department of Information Technology, Independent Researcher, Address: 5276 George Ct, Apt D, Gurnee, IL 60031, Gurnee, United States

Abstract

Cloud-native systems, microservices, and infrastructure-as-code (IaC)–oriented CI/CD pipelines have accelerated the pace of software delivery, yet they have also introduced new layers of operational complexity and widened the overall security exposure of modern applications. Traditional DevSecOps workflows still depend heavily on isolated scanners, manual reviews, and static governance processes that are not well-suited for the elasticity and constant change characteristic of multi-cloud environments. To address these limitations, this paper introduces an AI-Driven DevSecOps Automation Framework (AID-DF) that integrates several complementary forms of artificial intelligence. Machine Learning models are used to identify behavioural anomalies within application and infrastructure telemetry, Natural Language Processing enables automated interpretation and mapping of regulatory and policy requirements, and Reinforcement Learning guides adaptive remediation actions and risk-aware deployment strategies. The framework was validated across a distributed environment consisting of 100 microservices deployed on combined AWS and Azure Kubernetes clusters. Results indicate notable gains in detection precision, regulatory coverage, Mean- Time-to-Detect (MTTD), Mean-Time-to-Respond (MTTR), and overall audit efficiency. These findings suggest that AI- enhanced DevSecOps pipelines can deliver a continuously compliant and highly scalable security posture for contemporary cloud-native ecosystems.

Keywords: Artificial Intelligence; Machine Learning; Reinforcement Learning; Natural Language Processing; Cloud Security; Compliance Automation; Hybrid Cloud; CI/CD; Threat Detection

How to cite this article:
Roshan Kakarla, Sai Bharat Sannareddy. AI-Driven DevSecOps Automation: An Intelligent Framework for Continuous Cloud Security and Regulatory Compliance. Journal of Artificial Intelligence Research & Advances. 2026; 13(01):-.
How to cite this URL:
Roshan Kakarla, Sai Bharat Sannareddy. AI-Driven DevSecOps Automation: An Intelligent Framework for Continuous Cloud Security and Regulatory Compliance. Journal of Artificial Intelligence Research & Advances. 2026; 13(01):-. Available from: https://journals.stmjournals.com/joaira/article=2026/view=237196


References

  1. Zhao X, Clear T, Lal R. Identifying the primary dimensions of DevSecOps: A multi-vocal literature review. Journal of Systems and Software. 2024 Aug 1;214:112063.
  2. Rzig DE, Houerbi A, Chavan RG, Hassan F. Empirical Analysis on CI/CD Pipeline Evolution in Machine Learning Projects. arXiv preprint arXiv:2403.12199. 2024 Mar 18.
  3. Belouaddane L, Ait Said M, Marzouk A, Benmakhlouf A. Microservice Architecture DevOps Integration Challenges: A Qualitative Study. InInternational Conference on Advanced Engineering, Technology and Applications 2024 May 24 (pp. 96-108). Cham: Springer Nature Switzerland.
  4. Devarakonda RR. An Integrated Approach for Security and Compliance on a Cloud-Based DevOps Platform. Available at SSRN 5234673. 2021 Dec 1.
  5. Deng S, Zhao H, Huang B, Zhang C, Chen F, Deng Y, Yin J, Dustdar S, Zomaya AY. Cloud-native computing: A survey from the perspective of services. Proceedings of the IEEE. 2024 Feb 12;112(1):12-46.
  6. Filepp R, Adam C, Hernandez M, Vukovic M, Anerousis N, Zhang GQ. Continuous compliance: Experiences, challenges, and opportunities. In2018 IEEE World Congress on Services (SERVICES) 2018 Jul 2 (pp. 31-32). IEEE.
  7. Neto EC, Iqbal S, Buffett S, Sultana M, Taylor A. Deep learning for intrusion detection in emerging technologies: a comprehensive survey and new perspectives. Artificial Intelligence Review. 2025 Nov;58(11):1-63.
  8. Islam MS, Rakha MS, Pourmajidi W, Sivaloganathan J, Steinbacher J, Miranskyy A. Anomaly detection in large-scale cloud systems: An industry case and dataset. In2025 IEEE/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP) 2025 Apr 27 (pp. 377-388). IEEE.
  9. Gillioz A, Casas J, Mugellini E, Abou Khaled O. Overview of the Transformer-based Models for NLP Tasks. In2020 15th Conference on computer science and information systems (FedCSIS) 2020 Sep 6 (pp. 179-183). IEEE.
  10. Gaddam N. AI-Based Cloud Governance for Multi-Cloud Compliance Management. Journal ID. 2024;2563:4512.
  11. Lopez-Martin M, Carro B, Sanchez-Esguevillas A. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications. 2020 Mar 1;141:112963.
  12. Dowling S, Schukat M, Barrett E. Improving adaptive honeypot functionality with efficient reinforcement learning parameters for automated malware. Journal of Cyber Security Technology. 2018 Apr 3;2(2):75-91.
  13. Ahmadi C, Chen JL. Survey on Reinforcement Learning Techniques for Enhancing Security and Efficiency in Zero Trust Networks. In2024 10th International Conference on Applied System Innovation (ICASI) 2024 Apr 17 (pp. 427-429). IEEE.
  14. Algarni AM, Malaiya YK. A consolidated approach for estimation of data security breach costs. In2016 2nd International Conference on Information Management (ICIM) 2016 May 7 (pp. 26-39). IEEE.
  15. Giorgio L, Nicola M, Fabio S, Andrea S. Continuous defect prediction in CI/CD pipelines: A machine learning-based framework. InInternational Conference of the Italian Association for Artificial Intelligence 2021 Dec 1 (pp. 591-606). Cham: Springer International Publishing.
  16. Shin Y, Williams L. An empirical model to predict security vulnerabilities using code complexity metrics. InProceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement 2008 Oct 9 (pp. 315-317).
  17. Fu M, Pasuksmit J, Tantithamthavorn C. Ai for devsecops: A landscape and future opportunities. ACM Transactions on Software Engineering and Methodology. 2025 Apr 28;34(4):1-61. 20
  18. Pitkar H. Cloud Security Automation Through Symmetry: Threat Detection and Response. Symmetry. 2025 Jun 1;17(6):859.
  19. Jia Z, Shen C, Yi X, Chen Y, Yu T, Guan X. Big-data analysis of multi-source logs for anomaly detection on network-based system. In2017 13th IEEE conference on automation science and engineering (CASE) 2017 Aug 20 (pp. 1136-1141). IEEE.
  20. Gorle S, Muthusamy P, Inampudi RK. Consent-Driven Continuous Delivery with Open Policy Agent and Spinnaker. Journal of Knowledge Learning and Science Technology ISSN: 2959-6386 (online). 2025 Jul 5;4(2):102-12.
  21. Force JT. Security and privacy controls for information systems and organizations. National Institute of Standards and Technology; 2020 Mar 16.
  22. Folorunso A, Mohammed V, Wada I, Samuel B. The impact of ISO security standards on enhancing cybersecurity posture in organizations. World Journal of Advanced Research and Reviews. 2024;24(1):2582-95.
  23. Li J, Li H. Evolution of Application Security based on OWASP Top 10 and CWE/SANS Top 25 with Predictions for the 2025 OWASP Top 10. In2025 International Conference on Inventive Computation Technologies (ICICT) 2025 Apr 23 (pp. 1178-1183). IEEE.
  24. Rodrigues BB. Google Cloud Digital Leader Certification Guide: A Comprehensive Study Guide to Google Cloud Concepts and Technologies. Packt Publishing Ltd; 2024 Mar 15.
  25. Okeyode D, Kirui J. DevSecOps for Azure: End-to-end supply chain security for GitHub, Azure DevOps, and the Azure cloud. Packt Publishing Ltd; 2024 Aug 28.
  26. Zhang R, El-Gohary N. Transformer-based approach for automated context-aware IFC-regulation semantic information alignment. Automation in Construction. 2023 Jan 1;145:104540.
  27. Roger J, Alexander D. AI-Powered Risk Assessment Models for Enhancing Data Governance Compliance. URL: https://www. researchgate. net/publication/390941575. 2025 Jan 13.
  28. Thiyagarajan G, Bist V, Nayak P. AI-Driven Configuration Drift Detection in Cloud Environments. Gogulakrishnan Thiyagarajan, Vinay Bist, Prabhudarshi Nayak.(2024). AI-Driven Configuration Drift Detection in Cloud Environments. International Journal of Communication Networks and Information Security (IJCNIS). 2024 Nov 10;16(5):721-43.
  29. Zeydan E, De Alwis C, Khan R, Turk Y, Aydeger A, Gadekallu TR, Liyanage M. Quantum Technologies for Beyond 5G and 6G Networks: Applications, Opportunities, and Challenges. arXiv preprint arXiv:2504.17133. 2025 Apr 23.
  30. Rodrigues BB. Google Cloud Digital Leader Certification Guide: A Comprehensive Study Guide to Google Cloud Concepts and Technologies. Packt Publishing Ltd; 2024 Mar 15.
Ahead of Print Subscription Original Research
Volume 13
01
Received 20/11/2025
Accepted 05/12/2025
Published 19/02/2026
Publication Time 91 Days
51

Login


My IP

PlumX Metrics