By Karl Woolfenden | BCN.news 

Cloud adoption has transformed modern enterprises, but it has also introduced unprecedented complexity. As organizations scale across multiple providers and hundreds of services, the promise of agility often collides with the realities of misconfigurations, compliance demands, and overstretched DevOps teams. 

For Ian Amit, Founder and CEO of Gomboc, the gap between finding problems and actually fixing them is where the industry has been falling short. 

“We never had a find problem,” Amit emphasized during our BCN.news interview. “Finding is easy. Fixing and remediating is the problem.” 

With more than 25 years in cybersecurity—spanning roles at Rapid7, Amazon, and ZeroFox—Amit has witnessed the same cycle play out: tools excel at surfacing alerts, but engineers are left drowning in tickets. Gomboc, founded to break this cycle, applies a deterministic AI model that transforms misconfigurations directly into actionable code-level fixes. 

From Complaints to Solutions 

Amit admits that Gomboc started as his “way of complaining” about the state of cloud security. “I was raised on the premise that you are not allowed to complain unless you can do something about it,” he explained. “So, Gomboc became my way of doing something.” 

What makes the problem so acute? Consider the landscape: most enterprises now operate across at least two or three cloud providers, each offering hundreds of continuously evolving services. Infrastructure as Code (IaC) frameworks help teams manage this sprawl, but they also create a widening knowledge gap. 

“Cloud providers continuously update and release new services,” Amit said. “That growing knowledge gap is exactly where AI should be applied—as a force multiplier that helps humans ingest and process massive amounts of data more effectively.” 

Deterministic vs. Generative AI 

Much of the industry conversation around AI focuses on generative models. But Amit cautions against this “shiny new hammer” approach. 

“Generative AI is probabilistic, not accurate. In engineering, we can’t afford hallucinations,” he explained. “You might produce 10 times the code faster, but you’ll also produce 10 times the bugs.” 

Instead, Gomboc leans on deterministic AI. Unlike generative models, deterministic AI ensures repeatability, precision, and trustworthiness. “Without those three elements, you’ll lose the trust of engineers,” Amit said. 

The distinction is critical: where generative AI might flood teams with draft fixes, deterministic AI provides verified, contextualized solutions that engineers can confidently deploy. 

The DevOps Pressure Cooker 

DevOps professionals often find themselves caught between competing metrics: speed and reliability. A flawless deployment can be undone overnight by a policy change from a cloud provider, forcing teams into reactive manual patching. 

“That human at the other end of all those tickets is bogged down, and it slows everything down,” I observed during our conversation. Amit agreed: 

“Finding issues is easy. But when you’re opening more tickets and creating more alerts, you’re just adding work. The engineer still has to stop what they’re doing and fix it. We focused Gomboc on the most annoying, repetitive parts of that process—figuring out the actual fix.” 

Instead of producing another queue of alerts, Gomboc delivers fixes directly into developer workflows. The platform’s dashboard, which Amit describes as a “reverse dashboard,” doesn’t just measure risk—it shows hours saved. 

“For every success metric in that dashboard, you can literally count the money,” he explained. “Every fix represents 10–12 hours of engineering time freed up. Now it’s two minutes of reviewing code instead of days of manual work.” 

Compliance in Plain English 

Boardrooms increasingly demand clarity around compliance, yet translating frameworks into actionable IaC policies has remained a sticking point. Gomboc simplifies this by allowing customers to write policies in natural language. 

“We don’t ask you to learn some new policy-as-code language,” Amit said. “We ask: can you speak English? Just tell us your policy, and we’ll apply it across your cloud infrastructure.” 

By turning compliance requirements into code-level rules, Gomboc helps organizations demonstrate progress from “point A to point B” and maintain consistency across environments. This is particularly critical in regulated industries like finance and healthcare, which Amit identified as early adopters of the platform. 

Scaling Efficiency Across Industries 

While regulated sectors were the first to embrace Gomboc, demand is growing across industries facing scaling pressures. Large technology companies, in particular, are seeking efficiency through AI. 

“One of our customers asked us to show ROI directly in dollar amounts on the dashboard,” Amit shared. “They already knew the cost of an engineering hour, so we simply multiplied it out. Now they can take that straight to the boardroom.” 

Ultimately, Gomboc isn’t measured by the number of alerts it generates. “We’re measured by efficiency, optimization, and ROI,” Amit said. “That’s what our customers really care about.” 

The Future of AI in Security 

Amit believes the industry is entering what he calls the “trough of disillusionment” with generative AI. Citing MIT and MITRE studies showing reduced productivity from generative coding assistants, he argues the field needs to recalibrate. 

“AI isn’t new—it’s been around for decades,” he reminded me. “What we need is better education on which AI tools are suited for which problems. Deterministic AI is built for engineering tasks where accuracy and repeatability matter most.” 

Looking ahead, Amit envisions AI augmenting—not replacing—human professionals. “AI should replace the repetitive, annoying tasks so humans can focus on higher-level problems,” he said. 

Closing Thoughts 

Gomboc’s philosophy cuts through the noise: don’t just identify risks, fix them. Don’t just add horsepower, strengthen the whole system. And don’t rely on probabilistic AI where precision is non-negotiable. 

As Amit put it, “Our job is to take away the mundane tasks, deliver accurate fixes, and give engineers the time to innovate.” 

In an era where cloud complexity grows by the day, that promise isn’t just technical—it’s strategic.