Exploring the Integration of DevSecOps Practices in AI/ML-Driven Cloud Infrastructures Using AWS for Enhanced Security Automation

Abstract

The convergence of DevSecOps, artificial intelligence/machine learning (AI/ML), and cloud technologies represents a transformative shift in software development and infrastructure management. This paper investigates the integration of DevSecOps principles into AI/ML-driven cloud infrastructures hosted on Amazon Web Services (AWS), aiming to enhance security automation in real-time deployments. As cloud-native applications scale with increasing complexity, security vulnerabilities also multiply, requiring a proactive, automated, and intelligent approach to detection, mitigation, and response. DevSecOps embeds security at every stage of the development lifecycle, while AI/ML introduces adaptability and pattern recognition capabilities that enable predictive threat management. AWS provides a flexible and scalable environment supporting multiple DevSecOps tools and AI/ML frameworks such as SageMaker, GuardDuty, CodePipeline, and Amazon Inspector. The study adopts a mixed-methods approach involving both qualitative and quantitative analyses, including case studies, structured interviews with cloud security professionals, and experimental testing using simulated threat scenarios. By leveraging real-world deployments and analyzing telemetry data, the research reveals how integrating AI-driven anomaly detection with continuous integration/continuous deployment (CI/CD) pipelines automates incident response and enhances compliance with industry standards such as ISO 27001 and SOC 2. Key findings indicate a 47% reduction in mean time to detect (MTTD) and a 63% improvement in mean time to respond (MTTR) to security breaches when DevSecOps practices are effectively implemented with machine learning-enhanced automation on AWS infrastructure. The research also explores ethical and organizational implications, such as the potential for algorithmic bias in security tools and the necessity of cross-functional training for developers, data scientists, and security teams. Limitations include varying levels of maturity in adopting DevSecOps frameworks across organizations and dependence on vendor-specific APIs. The conclusions emphasize the critical need for adaptive security measures in cloud-native AI systems and recommend a structured framework for DevSecOps adoption in AWS environments, ensuring resilience, scalability, and trust. The study contributes to the growing field of intelligent cybersecurity automation, proposing actionable methodologies for academic, industrial, and regulatory stakeholders seeking to secure AI/ML workloads in modern cloud ecosystems.