Cloud security teams are great at finding risk. The harder part is fixing it safely, consistently, and at scale. That’s the automation story behind the new Wiz + ControlMonkey integration.

Wiz identifies cloud risks, misconfigurations, exposure paths, and policy violations across cloud and SaaS environments. ControlMonkey takes those findings and connects them to the infrastructure automation layer — mapping risks back to IaC, including Terraform, OpenTofu, Terragrunt, unmanaged resources, and drifted cloud assets.

The result: teams can move from manual, reactive remediation to governed, code-based action.

Why This Matters

Security findings often live in one system. Infrastructure changes happen somewhere else.

That disconnect creates delays, ownership gaps, and risky manual fixes. It also makes it harder to understand whether a cloud risk exists in code, in production, or in unmanaged infrastructure outside IaC.

With Wiz and ControlMonkey together, organizations can:

• Validate infrastructure changes against real cloud risk before deployment
• Map findings to live cloud resources and IaC definitions
• Identify unmanaged and drifted resources tied to security exposure
• Enforce guardrails before risky changes reach production
• Automate remediation through controlled IaC workflows

The Automation Flow

• A cloud change begins — through Terraform, CI/CD, self-service, API automation, or another workflow.
• ControlMonkey captures the intended change and the cloud context behind it. Wiz validates the risk, checking for misconfigurations, exposure paths, policy violations, sensitive data risk, and compliance issues.
• ControlMonkey then enforces the right action: allow, require approval, modify, remediate, or block.
• Instead of security findings becoming tickets, they become part of the infrastructure workflow.

Better Together

Wiz provides deep visibility into cloud risk. ControlMonkey turns that visibility into governed cloud automation.

Together, they help teams close the gap between detection and remediation — reducing manual work, eliminating blind spots, and keeping cloud environments aligned with approved IaC at scale.

Ready to connect cloud risk visibility with governed remediation?

Explore the Wiz + ControlMonkey integration today.

The new ControlMonkey MCP Server connects AI assistants like Cursor, Claude Code, and Windsurf directly to your ControlMonkey platform – so you can operate Terraform automation using natural language, without sacrificing governance and audit

AI is changing how teams write code. Now it’s changing how they operate infrastructure at scale. But infrastructure isn’t just code. It’s your production  uptime. It’s the risk you report to your board about . It’s your compliance.

Introducing the ControlMonkey MCP Server

The MCP Server connects your AI assistant directly to the ControlMonkey API.
Once connected, your AI assistant can operate across your ControlMonkey platform:

• Namespaces & Stacks – Create, update, query, and delete namespaces and Terraform stacks
• Plans & Deployments – Trigger Terraform plans and deployments, review states, approve or cancel runs
• Templates – Manage ephemeral and persistent templates, create stacks from templates
• Variables – Create and manage Terraform input variables across scopes
• Control Policies – Create policies and policy groups, map them to governance targets
• Notifications – Configure Slack, Teams, and email notification endpoints and subscriptions
• Disaster Recovery – Set up and manage DR and daily backups configurations

How does the MCP Server works?

The ControlMonkey MCP Server connects your AI assistant to the ControlMonkey API.

1. Your AI assistant (Cursor or Claude Code) sends a request through MCP.
2. The MCP server forwards that request to the ControlMonkey API using your API token.
3. ControlMonkey validates permissions based on the token’s role.
4. If authorized, the requested action is executed (plan, deployment, policy creation, query, etc.).
5. The result is returned to the AI assistant.
6. The action is logged in the audit trail.

5 Example AI Queries You Can Run Today

1. The last deployment on stack “payments-service” failed – Show me the Terraform apply logs and explain what went wrong.
2. List my AWS resources in my production account and show which are managed by Terraform and which are not.
3. Create a control policy that requires “team” and “environment” tags and apply it to the production namespace.
4. Are there any resources in production that are not managed by Terraform? Show potential drift.
5. Run a Terraform plan on the “billing-service” stack and summarize the expected changes before approval.
6. Many more..

Stay Ahead with Governed AI Cloud Operations

The ControlMonkey MCP Server lets them operate Terraform directly from tools like Cursor and Claude Code – without switching to the ControlMonkey UI.

At the same time:

• All actions run through the ControlMonkey API
• Permissions are enforced based on the API token
• Control policies are applied automatically
• Every action is logged in audit
• Terraform execution remains centralized

Your team gets AI-assisted operations inside their editor – while you keep governance, visibility, and control.

Learn how to scale cloud governance with AI and our MCP Server – without forcing teams into new workflows.

Connect with our team to get started.

Use AI With Caution –  ControlMonkey integrates with third-party LLM providers but does not control the underlying models or their outputs. AI-generated suggestions – including code changes, remediation steps, and infrastructure modifications – should always be reviewed by a qualified team member before being applied to your environment.AI is changing how teams write code. Now it’s changing how they operate infrastructure at scale. But infrastructure isn’t just code. It’s your production  uptime. It’s the risk you report to your board about . It’s your compliance.

As cloud operations scale, the skills gap – not tooling – often becomes a bottleneck. Modern DevOps teams need more than automation; they need an assistant that understands their codebase, cloud state, and guardrails and can help them with shipping infra with confidence, without sacrificing speed. Today we are lunching ControlMonkey AI IaC CoPilot to answer those challenges.

Introducing KoMo: First AI IaC Copilot

ControlMonkey, the industry’s only fully end-to-end IaC cloud automation platform, today announced KoMo, an AI-powered copilot designed to eliminate one of the biggest blockers in infrastructure delivery: the Infrastructure-as-Code (IaC) skills gap.

The Problem: The Skills Gap

Infrastructure delivery bottlenecks often trace back to one place: the skills gap. Teams can only move as fast as their least experienced engineer, slowing throughput, inflating costs, and introducing compliance risk. Senior DevOps become gatekeepers instead of innovators, while less-experienced contributors hesitate over Terraform syntax, plans, and reviews that can take a time and create toil.

KoMo: The Evolution of Self-Service

Traditional self-service relies on static blueprints. That’s fine for provisioning a single resource, but brittle when real-world requirements change. Our new AI IaC Copilot evolves self-service into something dynamic: AI-driven, context-aware, and compliant by design.

Unlike generic AI chat solutions like ChatGPT or Perplexity that are based on public knowledge KoMo operates with full organizational context thanks to Controlmonkey Integration to the Cloud accounts and to the Git.

KoMo Understand:

• Code across every IaC repository
• Cloud resources currently running in the environment
• Policies and guardrails that enforce compliance, security, and cost standards
• Deployment history, including approvals, rollbacks, and failures
• Modules and best practices shared across the organization
  

KoMo doesn’t generate generic Terraform. It generates Terraform code for YOUR organization – that is compliant, contextual, and safe to deploy. Engineers can request exactly what they need, and KoMo builds the stack the way your organization specifies.

KoMo: AI IaC Copilot Key Capabilities

• Generate Terraform for new resources and stacks aligned to org modules and policies
• Explain Terraform plans in clear, human-readable language
• Trace dependencies, module usage, and historical context instantly
• Flag risk before deployment in context from older outcomes.
• Enforce module usage to prevent drift and “left-behind” resources
• Cover multi-repo environments to eliminate blind spots
• Provision dynamic, on-demand stacks without static templates
  

“KoMo closes the cloud skills gap by evolving self-service. Because it sees not just your code, but your running cloud, policies, and history, it generates Terraform that’s truly yours. That’s how enterprises finally get compliant self-service at scale.”

Aharon Twizer

CEO and co-founder of ControlMonkey

Turn Every Engineer into Your Best Engineer

KoMo transforms how teams deliver infrastructure by eliminating the skills bottleneck. Instead of relying on a handful of senior DevOps engineers to review every line, debug every error, or rewrite every plan, KoMo gives every contributor the context and confidence to ship infrastructure that meets enterprise standards.

Real-World Uses for AI IaC Copilot

KoMo can answer the questions and requests that traditionally block engineers or overload DevOps experts:

• “Help me write Terraform to spin up a new service for periscope-app in dev using our naming conventions.”
• “Where do we use our S3 bucket module – and is it following best practices?”
• “Explain this Terraform plan in human-readable terms and flag risks.”
• “Analyze our Terraform/OpenTofu error and suggest a fix.”
• “Create a new-hire write-up of our Terraform layout: providers, modules, naming, and policies.”
• “Find references to Glue crawlers across repos and summarize the differences.”
• And many many more
  

See it in action? 

Ready to turn every engineer into your best engineer? Explore AI IaC Copilot in our next Product Showdown

With customers like Rapyd, Coralogix, and ReasonLabs already benefiting from compliance visibility, ControlMonkey is raising the bar for proactive cloud governance.

For teams managing their Terraform, OpenTofu, or Terragrunt environments, compliance is often a moving target. The new Cloud Compliance Dashboard in ControlMonkey delivers a unified, drill-down view into your compliance posture across AWS, Azure, and GCP helping you identify gaps before they turn into risks.

Introducing Cloud Compliance Dashboarding

The Compliance Dashboard gives DevOps and Cloud managers the ability to select relevant standards, track consolidated scores, and drill down into failed controls and resources.

Supported frameworks include:

• CIS Benchmarks (2.0, 2.1, 3.0)
• PCI DSS 4.0
• HIPAA Security Rule
• MITRE ATT&CK
• ENS_RD2022 (Spanish National Security Framework)
• DORA Regulation
• And more – Full List below

Teams can move from high-level compliance scores down to specific failed checks, pinpoint which resources triggered non-compliance (for example, an exposed EC2 instance), and shift compliance from reactive audits to proactive prevention.

Stay Ahead with Cloud Governance and Infrastructure Control

The dashboard provides decision-makers with measurable clarity. I Teams can continuously check compliance instead of just reacting to audit findings. They can enforce IaC policies on a large scale and strengthen infrastructure pipelines. This means:

• Improved visibility into your compliance score
• Reduced risk with drill-down checks at the resource level
• IaC alignment through proactive enforcement
• Scalable governance across multi-cloud environments

“When teams gain full visibility and proactive compliance controls, they stop reacting to problems and start preventing them. That’s how you consistently raise your compliance score.” said Ori Yemini, CTO, ControlMonkey

Customer Perspectives

2 of Control monkey customers already enjoying full IaC coverage visibility:

More IaC coverage means fewer security issues — period. What stood out with ControlMonkey was how easy it became to do things the right, modern way. When infrastructure and security teams can finally collaborate by design, that’s when security actually works

Nir Rothenberg

CISO

As a company that manages huge clusters of AWS resources, the ControlMonkey Platform and specifically its GitOps pipeline capabilities is an integral part of our infrastructure deployment process, enabling us to shift left our infrastructure policies, best practices, and guardrails to make sure our production environment is stable, compliant and secure

Yoni Farin

Coralogix

See it for yourself

Join our next Product Showdown to experience the Cloud Compliance Dashboard in action.

Supported Frameworks include:

Find below full list of framework support by cloud provider:

AWS

• CISA
• SOC 2
• CIS Benchmarks (1.4, 1.5, 2.0, 3.0, 4.0.1, 5.0)
• MITRE ATT&CK
• GDPR
• AWS Foundational Security Best Practices
• ISO/IEC 27001:2013 & 2022
• KISA ISMS-P 2023 (incl. Korean version)
• HIPAA Security Rule
• GxP 21 CFR Part 11
• GxP EU Annex 11
• NIST 800-171 Rev 2
• NIST 800-53 Rev 4 & Rev 5
• PCI DSS 4.0 & PCI DSS 3.2.1
• AWS Well-Architected Framework (Security & Reliability Pillars)
• AWS Account Security Onboarding
• AWS Foundational Technical Review
• AWS Audit Manager Control Tower Guardrails
• NIST Cybersecurity Framework (CSF) 1.1
• ENS_RD2022
• RBI Cyber Security Framework
• FFIEC Cybersecurity Assessment
• FedRAMP (Low & Moderate, Rev 4)
• NIS2 Directive

Azure

• PCI DSS 4.0
• SOC 2
• ISO/IEC 27001:2022
• CIS Benchmarks (2.0, 2.1, 3.0, 4.0)
• ENS_RD2022
• MITRE ATT&CK
• NIS2 Directive

GCP

• MITRE ATT&CK
• SOC 2
• CIS Benchmarks (2.0, 3.0, 4.0)
• ENS_RD2022
• PCI DSS 4.0
• ISO/IEC 27001:2022
• NIS2 Directive

Azure Organization Integration is now available in ControlMonkey, making it easier than ever for enterprises to govern and scale their Azure environments. For teams managing their Terraform, OpenTofu, or Terragrunt deployments across multiple subscriptions, this integration eliminates the need to onboard subscriptions one by one – delivering instant visibility, compliance, and automation at scale.

Introducing Azure Organization Integration

With Azure Organization Integration, ControlMonkey now supports seamless onboarding across dozens—or even hundreds—of Azure subscriptions in just a click.
You can also control what subscriptions to connect to ControlMonkey by choosing one or more Azure Management Groups.

Top benefits include:

• One-click onboarding for all Azure subscriptions
• Unified cloud inventory across the entire Azure footprint
• Automated backups spanning every subscription
• Consistent IaC governance across cloud environments
• Enterprise-ready scale to support regulated and governed organizations

“For enterprises operating Azure at scale, onboarding and governance must be frictionless. With Azure Organization Integration, we’re giving customers complete visibility, backup, and IaC governance across every subscription in just one step"

Ori Yemini

CTO, ControlMonkey

ControlMonkey for Cloud Governance 

By extending our multi-cloud enterprise capabilities, Azure Integration ensures teams:

• Gain visibility across all Azure subscriptions without manual setup
• Reduce risk with governed, consistent controls across accounts
• Strengthen IaC adoption and compliance at enterprise scale
• Confidently operate in regulated environments with full coverage

Ready to take control?

Explore Azure Organization today and bring order to your multi-subscription cloud – Lean More in our Product Showdown Next Week.

ControlMonkey now makes it easier than ever to work with Terraform variables. Our new “Load Variables from Code” feature lets you pull variables from your Terraform files automatically. This means no more manual entry and no missed inputs.

(New to Terraform variables? Read our Terraform Variables Guide to learn how they work and why they matter.)

Why Load Terraform Variables from Code?

Previously, every Terraform Stack setup meant manually entering variables — even if they were already defined in your code. This cloud has slowed down onboarding and left room for errors. These variables are typically declared in files like variables.tf following Terraform’s official variable configuration standards

Now, with a single click, ControlMonkey loads your Terraform variables directly from any variables.tf file in your git directory instantly.

How to Load Terraform Variables Automatically

When you create a new stack, ControlMonkey looks through your code directory and subfolders. It finds all declared variables and fills them in the UI. You can still modify values, mark them sensitive, or override as needed—without starting from zero.

Benefits of Loading Automatically

• Faster onboarding and stack creation
• Fewer input mistakes and mismatches – consistent use across environments
• Create dozens of variables in seconds

Use it on your next stack setup—click “Load Variables from Code” and let ControlMonkey do the rest.

Managing cloud infrastructure at scale requires complete visibility into every change.
But what happens when someone bypasses Terraform and modifies resources directly in the GCP console?

These untracked console changes, AKA ClickOps, can lead to drifts, misconfigurations, compliance violations, and security risks. Without visibility into these actions, teams are left troubleshooting unexpected issues instead of proactively managing their cloud.

Today, we’re excited to introduce ClickOps Scanner for GCP, a new capability for Google Cloud users that tracks and detects console operations across your GCP projects, ensuring that all infrastructure changes stay accounted for.

ClickOps Scanner for GCP

With ClickOps Scanner for GCP, ControlMonkey users can now:

• Monitor every change in real-time across GCP projects, whether intentional or unexpected.
• Resolve Terraform Drifts faster by quickly detecting the Cloud Event (ClickOps) that caused the configuration drift and shorten investigation and resolution times.
• Ensure compliance and security by keeping a complete audit trail of all infrastructure changes made through code or the console.
• Speed up debugging and root cause analysis. Quickly trace changes back to their source and understand the impact of every action.

Bring Total Cloud Control to your GCP Environment

Untracked console operations can create security risks and disrupt infrastructure stability.
With ClickOps Scanner for GCP, you get a complete insight into every manual change, so nothing slips through the cracks.

Ready to take control of your infrastructure?
Meet with our Terraform experts for a 30-minute technical call to learn more.

Keeping track of Infrastructure as Code (IaC) versions across multiple repositories can be a challenge.
With different teams using different versions of Terraform, Terragrunt, or OpenTofu, keeping track of compliant and vetted modules while ensuring alignment within the team becomes a burden.

Today, we are happy to announce the release of IaC Versions Explorer, the single source of truth for all your IaC versions.
This means:

• See it all in one place: Instantly view all Terraform, Terragrunt, and OpenTofu versions in use across your stacks.
• Prevent version drift: Identify outdated or unapproved versions.
• Standardize across teams: Ensure everyone uses the correct versions, reducing compatibility issues.
  

How It Works

The IaC Versions Explorer gives you a real-time view of all the Terraform and OpenTofu versions running in your environment. With just a few clicks, you can:

• See a full breakdown of the IaC versions in use.
• Drill down into each version to check where it’s deployed across namespaces and stacks.
• Catch outdated versions early and ensure consistency across all teams.

ControlMonkey helps eliminate uncertainty and keeps your IaC environments consistent by giving you complete visibility and Control.

No more misaligned versions

ControlMonkey’s Terraform Knowledge Hub solution provides all the tools to visualize and control your Terraform modules, providers, IaC versions, and repositories on a single platform. 

Ready to take control of your infrastructure?
Meet with our Terraform experts for a 30-minute technical call to learn more.

At ControlMonkey, we understand that every infrastructure deployment is unique. That’s why we built Custom Flow, a core feature of our Terraform CI/CD solution that allows you to integrate custom scripts before and after every phase of your Terraform deployment, from ‘terraform init to ‘terraform apply.’

With Custom Flow, DevOps teams can define pre- and post-execution step and automate essential tasks across their Terraform stacks.

Today, we are happy to announce that we’re taking it a step further by introducing Failure Behavior, which will give teams even more control over how deployments react to failing steps.

Custom Flow – Failure Behavior: Stop, Continue, or Ignore

Failures are inevitable when running complex infrastructure deployments.
But how your workflow responds to those failures makes all the difference.

With Failure Behavior, you can precisely define what happens when a custom script fails, ensuring a safer, more predictable deployment process.

Here’s what you can configure:

• stop: The run will stop if the custom step fails. (the default behavior)

• continue: The run will continue even if the custom step fails. However, the overall run will be considered failed when it ends.

• ignore: The run will continue even if the custom step fails. In this case, the overall run will be considered successful when it ends.

Without failure management, DevOps teams are forced to intervene manually when something goes wrong, leading to delays and uncertainty.

Failure Behavior is an additional automation layer on top of ‘Custom Flows,’ allowing ControlMonkey users to run Terraform with greater deployment confidence by defining clear failure-handling rules

Bringing Total Cloud Control with Terraform

With the addition of Failure Behavior, Custom Flow now gives you even more precision and automation in how your deployments handle unexpected scenarios.

ControlMonkey’s Terraform CI/CD solution provides all the tools to run your deployments with complete control on your terms.

Ready to take control of your infrastructure?
Meet with our Terraform experts for a 30-minute technical call to learn more.

Unauthorized console operations, aka “ClickOps,” are one of the major causes of Terraform Drifts that lead to costly production misconfigurations. It also bypasses the golden path of deploying infrastructure with a clear SDLC (Software Development Life Cycle)process.
Tracking infrastructure changes, ensuring cloud vs code integrity, and avoiding configuration drifts is an ongoing battle.
Today, we’re happy to bring our ClickOps scanner feature to Azure, giving cloud teams total real-time visibility into every infrastructure change made from the Azure console.

ClickOps Scanner for Azure

In large-scale cloud environments, every change made through the Azure console can potentially cause drifts, misconfigurations, or security risks.
Azure users now have a single source of truth for every change happening across their infrastructure.

ControlMonkey’s ClickOps Scanner for Azure is a simplified insights dashboard where users can easily understand:

• How many Console Operations (ClickOps) have been made on an Azure subscription at a given timeframe
• How many Other Operations (IaC) have been made on an Azure subscription at a given timeframe
• The breakdown of the operations by User
• The breakdown of the operation by Resource
• The complete audit of all cloud events with detailed information for quick investigation

With ClickOps Scanner for Azure, ControlMonkey users can now:

• Monitor every change in real-time across Azure subscriptions, whether intentional or unexpected.
• Resolve Terraform Drifts faster by quickly detecting the Cloud Event (ClickOps) that caused the configuration drift and shorten investigation and resolution times.
• Ensure compliance and security by keeping a complete audit trail of all infrastructure changes made through code or the console.
• Speed up debugging and root cause analysis. Quickly trace changes back to their source and understand the impact of every action.

Total Cloud Control for Azure

The ControlMonkey Terraform Automation Platform helps Azure users standardize, optimize, and secure their cloud infrastructure. ControlMonkey provides the necessary solutions to achieve Total Cloud Control with Terraform, whether managing a few subscriptions or an enterprise-scale Azure deployment.

Ready to take control of your infrastructure?
Meet with our Terraform experts for a 30-minute technical call to learn more.