Farewell False Positives: Building Trustworthy AI for IaC Analysis

Emily Choi-Greene

fwd:cloudsec North America 2025 · Day 1 · Track 2 - Crestone

Emily Choi-Greene, CEO and co-founder of Clearly AI, delivered a practitioner-focused talk on building reliable AI systems for analyzing **infrastructure as code (IaC)**. Rather than presenting new vulnerabilities or attacks, this talk provided an engineering-oriented guide to applying large language models to cloud security tasks -- specifically IaC review -- while minimizing hallucinations, ensuring output consistency, and maintaining trustworthy results. Choi-Greene walked through the AI engineering stack from context ingestion (RAG and tool use) through output normalization (using BAML for typed outputs), hallucination prevention (chain-of-thought reasoning and LLM-as-judge), and the practical limitations of current models. The talk positioned AI as a force multiplier for security teams drowning in code review work, not as a replacement for human judgment.

AI review

A competently delivered survey of AI engineering best practices applied to IaC scanning. Useful if you've never built an LLM-powered application, but contains zero security research, zero novel findings, and zero demonstrated exploitation or defense capabilities. This is an AI engineering tutorial at a security conference, and that mismatch matters.
