SAN FRANCISCO — IBM and HashiCorp are developing a knowledge graph project that will lay the groundwork for AI agent automation using familiar cloud infrastructure management tools.
HashiCorp has been cautious about adopting generative AI over the past three years. In 2023, it added support for AI-generated Terraform tests but has lagged cloud infrastructure automation competitors in launching AI-powered features. The new Project Infragraph, launched in private beta last week, marks another careful step toward AI integration, providing context for AI agents about IT resources, data repositories and their interconnections.
"Most big enterprises have hundreds of different core systems of record, and so the data is highly fragmented across all these things with very different ways of accessing it, very different ways of querying that data, different data models, different access controls around all of it. So how do you then expose all of that to AI in a consistent and useful way?" said HashiCorp co-founder and CTO Armon Dadgar during a HashiConf keynote presentation on Sept 26.
"This is where we're seeing a lot of challenge," he said. "If we're going to actually make most of these bots useful, we have to [pull] in these systems and [make] them accessible to our tools."
HashiConf attendees saw a demo during the keynote of an early-stage version of the knowledge graph that included Terraform infrastructure as code, Packer machine images and AWS data. A feature called Graph Explorer displayed an inventory of AWS compute resources, Terraform workspaces and Packer build data, along with a set of prebuilt queries about these systems. These queries included a request for a list of EC2 instances in the environment older than 30 days; a list of resources built with the latest version of Terraform; and information about how AWS resources correspond to Terraform workspaces. Project Infragraph will add connectors to Azure, Google Cloud, other HashiCorp and IBM tools, third-party version control systems, and cybersecurity tools, according to company officials.
The idea of using a knowledge graph to guide AI agent automation isn't unique – many IT vendors, including Dynatrace, Microsoft Azure, Atlassian, Pulumi and ServiceNow, also favor this approach. Knowledge graphs are not new, but IT experts say they hold promise as a way to organize and visualize IT environments for the AI era.
HashiCorp users assess AI automation
Some HashiCorp customers aren't waiting for the full-fledged roadmap to come to fruition before forging ahead with AI. Dadgar estimated during Friday's keynote that 30 to 40% of Terraform code is already generated using AI tools. Customers are also using HashiCorp Consul to manage AI agents, according to a breakout session presentation by HashiCorp field CTO Steffen Wagner.
We see a lot of customers using Consul as an AI agent registry.
Steffen WagnerField CTO, HashiCorp
"In distributed systems, if you run a lot of microservices … they need to register somewhere to say, 'I'm instance five of that microservice. You can reach me under this host name,'" Wagner said. "And if you think about agents, it's the same thing. … a new agent needs to register somewhere centrally to say, 'I'm here. That's my identity, that's my URL, that's the purpose I'm [serving].' We see a lot of customers using Consul as an AI agent registry."
AI automation could speed up infrastructure provisioning in large enterprise environments, such as Benchling, which uses Terraform to manage 165,000 cloud infrastructure resources in 350 workspaces.
"We require developers to review any 'Terraform apply' [functions] in production workspaces," said Christian Monaghan, engineering manager at the electronic lab notebook software maker based in San Francisco, during another breakout session presentation. "It's tedious when we have so many workspaces. So what we'd like to do is use some kind of AI interpretation that says, 'Okay, instead of doing the same change set 50 times, we can use it once and then assess all the others, [to see if they] are basically the same.'"
Another HashiConf attendee said he was eager to try Project Infragraph for service discovery and business reporting using natural language, regardless of whether AI agents are involved.
"I've heard people at HashiCorp say, 'We want you to be able to talk to your infrastructure,'" said a senior cloud engineer at a Fortune 500 company on the East Coast, who requested anonymity because he isn't authorized to speak on behalf of his employer in the press.
"That's awesome, because I don't want to sift through state files and find resources just to get an idea of what it looks like," he said. "Essentially, you have a local small language model for your infrastructure, so you can use it to help find golden patterns. We're a small platform team. We want to do golden workflows, but you have to find the time to prioritize that work. Or you can use that Infragraph. That's where I see that going."
More AI roadmap clues at HashiConf
HashiCorp officials dropped further hints during the conference about plans for AI agent automation. For example, the company brushed up integration between its Vault secrets management tool and the Secure Production Identity Framework For Everyone (SPIFFE) open source project last week. The new integration includes support for SPIFFE Verifiable Identity Documents minting, so users can trade existing Vault tokens for SPIFFE identity information used for system-to-system access.
"This is becoming a particularly important pattern when we talk about these next-generation AI workloads," Dadgar said during a HashiConf keynote presentation on Sept. 26. "How do we have agent-to-agent or user-to-agent communication patterns where we have strong cryptographic proof that we know the identity of our caller? SPIFFE provides a good standard for doing this on top of standard protocols like OIDC [OpenID Connect]."
IBM also outlined plans to integrate HashiCorp's IP with its IBM Concert AIOps tool before the companies merged, but that integration was not included in Concert's general availability launch in 2024. According to HashiCorp officials last week, the future of that integration remains "TBD," but Jason Anderson, an analyst at Moor Strategy & Insights, said in an interview during HashiConf that Project Infragraph could help facilitate it.
"I think IBM still sees that opportunity, but the Concert team has also got a priority around resilience and more real-time [functions]," Anderson said. "So Infragraph being a more real-time type of [tool] may be a key to building that bridge, eventually."
Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
Dig Deeper on Systems automation and orchestration
