We're the cofounders of Terracotta AI, a Y Combinator S23 company. We're building AI-native guardrails for Terraform.
We help platform teams enforce best-practice standards, security, and cost control through natural language in PRs.
If you’ve ever had a Terraform plan blow up your environment because of an exposed secret, an over-permissive IAM role, or a misconfigured resource that slipped past review, you know the pain we're solving for. Senior platform engineers reviewing plan after plan, playing detective with developers, answering a non-stop influx of questions, and when something slips through the pipeline, a PagerDuty call and compliance breathing down your neck is what you get in return.
Right now, most Terraform pipelines rely on static scanners, policy engines, or manual reviews from senior engineers to catch issues. Those take forever to plan, set up, and maintain. Platform teams spend hours deciphering plan diffs, explaining blast radius to other teams, and chasing drift after it hits production.
Terracotta sits in your code source control and acts as a deterministic AI layer across your Infrastructure as Code pipeline.
When a pull request opens, pre-built or custom guardrails (using natural language to create) take action:
-- Analyzes the Terraform diff, plan, and state for risk, drift, and dependency conflicts
-- Runs cost, security, and compliance checks based on your AI-defined policies (“No public S3 buckets”, “All RDS instances must be encrypted”)
-- Summarizes the plan in simple language so reviewers and non-Terraform folks actually understand what’s changing
-- Flags high-risk changes (blast radius, cost spikes, misconfigurations) before they merge
Everything happens before CI/CD, no new runners, no custom pipelines, and no vendor lock-in. Terracotta AI reads your Terraform code, remote state, and cloud metadata contextually, so its reviews are aware of relationships between modules, dependencies, and workspaces in real-time.
We designed this for platform teams that want autonomy and speed without chaos.
You can define AI guardrails using natural language (which we translate into structured enforcement rules) and apply them at a global or per-repo level.
We also simulate deployment behavior. Think of it as a dry-run AI that tells you what will happen when terraform apply runs, including cost deltas and downstream impact.
Under the hood:
-- Deterministic, Terraform-native LLM fine-tuned on Terraform best practice, IaC best practice, compliance, and best practice cloud architecture
-- We perform plan parsing and graph dependency resolution internally — no external API calls to your code
-- Data never leaves your environment; we offer both on-prem and single tenancy deployment in addition to our cloud offering (We're SOC2 Type1/2 certified)
-- Integrates with GitHub, GitLab, and Bitbucket (coming soon) out of the box
We’re not trying to replace Terraform. We’re making it safer and faster to use at scale.
If you want to see it in action, check us out at: https://tryterracotta.com
We just launched our self-service beta. 20 PRs for free, no time limit, and no CC information.
Would love feedback, especially from folks maintaining multi-repo, mono-repo or multi-team IaC pipelines.
About the team:
I've spent over 15 years in the cloud infrastructure and observability industry, from building cloud infrastructure to deploying multi-cloud AIOps and open-source tooling. Before YC, I was the director of solutions architecture at an AIOps company (acquired by HPE).
My cofounder has over 15 years of experience building gaming, B2C, and Enterprise SaaS and our founding engineer has over 25 years of experience building B2B SaaS and has built and sold 2 startups of his own.
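The two policies quoted in the post ("No public S3 buckets", "All RDS instances must be encrypted") can be written as structured checks over the `resource_changes` list that `terraform show -json` prints for a saved plan. This is an added example, not part of the original post and not Terracotta's code; the `planned` helper, the rule messages and the sample resources are constructed for illustration, while the attribute names are those of the AWS provider.

```python
# Constructed sample shaped like the "resource_changes" list in the output of
# `terraform show -json <planfile>`, trimmed to the fields the checks read.
def planned(address, actions, after):
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions, "after": after}}

SAMPLE_PLAN = {"resource_changes": [
    planned("aws_db_instance.orders", ["create"], {"storage_encrypted": False}),
    planned("aws_db_instance.audit", ["update"], {"storage_encrypted": True}),
    planned("aws_s3_bucket_acl.assets", ["create"], {"acl": "public-read"}),
    planned("aws_s3_bucket_public_access_block.logs", ["update"],
            {"block_public_acls": True, "block_public_policy": False,
             "ignore_public_acls": True, "restrict_public_buckets": True}),
    planned("aws_db_instance.legacy", ["delete"], None),
]}

PUBLIC_ACLS = {"public-read", "public-read-write"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def violation(rtype, after):
    """Message if the planned attributes break a rule, else None."""
    # Fail closed: a missing or not-yet-known value counts as not encrypted.
    if rtype == "aws_db_instance" and after.get("storage_encrypted") is not True:
        return "RDS instance must set storage_encrypted = true"
    if rtype == "aws_s3_bucket_acl" and after.get("acl") in PUBLIC_ACLS:
        return f"S3 ACL {after['acl']!r} grants public access"
    if rtype == "aws_s3_bucket_public_access_block":
        off = [flag for flag in PAB_FLAGS if after.get(flag) is not True]
        if off:
            return "public access block disabled: " + ", ".join(off)
    return None

def evaluate(plan):
    """Return (address, message) for every planned change that breaks a rule."""
    findings = []
    for change in plan.get("resource_changes", []):
        after = change["change"].get("after")
        if after is None:  # deletes carry after == null: nothing to enforce
            continue
        message = violation(change["type"], after)
        if message:
            findings.append((change["address"], message))
    return findings

if __name__ == "__main__":
    for address, message in evaluate(SAMPLE_PLAN):
        print(f"FAIL {address}: {message}")
```

In a pull-request check, the same `evaluate` function would be fed the parsed JSON of the real plan, and a non-empty result would block the merge.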
gtlpanda•1h ago
If you want to see it in action, check us out at: https://tryterracotta.com We just launched our self-service beta. 20 PRs for free, no time limit, and no CC information.
You can use our quick start tutorials to get it working in just 5 minutes: https://docs.tryterracotta.com/docs/quick-start-video-tutori...