Last week, Cloudflare announced that AI agents can now autonomously create accounts, purchase domains, and deploy applications — all without human intervention. This isn’t a research paper or a proof of concept. It’s production-ready, available today, and it fundamentally changes the security and governance landscape for every development team.
If your organisation is building with AI agents (or plans to), this capability represents both a massive productivity unlock and a governance gap that existing controls simply weren’t designed for.
TL;DR
- AI agents can now autonomously create cloud accounts, buy domains, and deploy infrastructure without human approval
- Traditional IAM, procurement, and change management processes were built for human actors — they don’t account for machine-speed provisioning
- The cost difference between structured API calls and computer-use approaches is 45x — choosing the wrong integration pattern burns budget fast
- Teams need an agent infrastructure governance framework covering identity, spend limits, blast radius, and audit trails
- Start with least-privilege agent identities, hard spend caps, and mandatory human-in-the-loop for production deployments
What Just Changed
Until recently, AI agents operated within carefully scoped sandboxes. They could generate code, answer questions, and automate workflows — but creating real infrastructure required human approval at some point in the chain. That guardrail is disappearing.
Cloudflare’s announcement means agents can now complete the full lifecycle: register an account, configure DNS, provision Workers, deploy applications, and even purchase domains — all programmatically, all autonomously. And Cloudflare isn’t alone. AWS, GCP, and Azure all expose APIs that agents can call without any human gating mechanism beyond the initial credential.
The practical implication? An AI agent with appropriate API keys can spin up infrastructure in seconds that would have taken a developer hours and required multiple approval steps. That’s powerful. It’s also terrifying if you haven’t thought through governance.
Why Existing Controls Don’t Work
Most organisations rely on a combination of IAM policies, procurement workflows, and change advisory boards (CABs) to govern infrastructure provisioning. These were designed for a world where:
- Humans are the actors — requests flow through people who understand context and consequences
- Speed is measured in hours or days — there’s inherent friction that creates review opportunities
- Accounts map to individuals — audit trails assume a person made a decision
- Provisioning is discrete — you create a server, a database, a domain — not hundreds in a loop
AI agents break every one of these assumptions. They operate at machine speed, don’t inherently understand business context, can act under shared credentials, and can iterate in tight loops that create hundreds of resources before anyone notices.
The 45x Cost Problem
There’s another dimension to this that teams are overlooking: the economics of how agents interact with infrastructure APIs.
Recent benchmarks show that using “computer use” approaches (where an AI visually navigates dashboards) is approximately 45 times more expensive than structured API calls for equivalent tasks. This matters enormously when agents are provisioning infrastructure autonomously.
If your agent is creating Cloudflare Workers via structured API calls, the cost per operation is minimal. If it’s navigating the Cloudflare dashboard via computer use because you haven’t exposed the right APIs to it, you’re burning through your AI budget at an alarming rate — and getting slower, less reliable results.
The lesson: when designing agent-to-infrastructure integrations, always prefer structured APIs with explicit tool definitions over screen-scraping approaches. The cost and reliability differences are not marginal — they’re order-of-magnitude.
An Agent Infrastructure Governance Framework
Here’s what we recommend to clients building agent-powered systems that interact with cloud infrastructure:
1. Agent Identity and Least Privilege
Every agent that can provision infrastructure needs its own identity — not a shared service account, not a developer’s personal credentials. This identity should follow strict least-privilege principles:
- Scope to specific services and regions
- Time-bound credentials that expire and rotate automatically
- No wildcard permissions, ever
- Separate identities for development, staging, and production environments
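The four rules above can be checked mechanically before a credential is issued. The linter below is an added example, not code from Cloudflare or any provider; the identity schema, field names, and the 12-hour lifetime ceiling are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(hours=12)  # assumed ceiling for a credential's lifetime
ENVIRONMENTS = {"development", "staging", "production"}

def lint_agent_identity(identity, now):
    """Return least-privilege violations for one agent identity (hypothetical schema)."""
    findings = []
    if identity.get("shared") or identity.get("owner_type") != "agent":
        findings.append("identity is shared or not dedicated to an agent")
    envs = set(identity.get("environments", []))
    if len(envs) != 1 or not envs <= ENVIRONMENTS:
        findings.append("identity must map to exactly one environment")
    for grant in identity.get("grants", []):
        # A missing field is treated as a wildcard: unscoped means unrestricted.
        for field in ("service", "action", "region"):
            value = grant.get(field, "*")
            if "*" in value:
                findings.append(f"wildcard in {field}: {value!r}")
    expires = identity.get("expires_at")
    if expires is None:
        findings.append("credential never expires")
    elif expires <= now:
        findings.append("credential already expired")
    elif expires - now > MAX_TTL:
        findings.append("credential lifetime exceeds MAX_TTL")
    return findings

# Constructed sample identities (not real accounts or provider policy syntax).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD = {"name": "deploy-agent-staging", "owner_type": "agent", "shared": False,
        "environments": ["staging"],
        "grants": [{"service": "workers", "action": "deploy", "region": "eu-west"}],
        "expires_at": NOW + timedelta(hours=1)}
BAD = {"name": "ci-shared", "owner_type": "service", "shared": True,
       "environments": ["staging", "production"],
       "grants": [{"service": "*", "action": "dns:*", "region": "eu-west"}],
       "expires_at": None}

if __name__ == "__main__":
    for ident in (GOOD, BAD):
        print(ident["name"], lint_agent_identity(ident, NOW) or "ok")
```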
2. Hard Spend Caps and Rate Limits
Agents don’t feel financial pain. A misconfigured loop can rack up thousands in cloud spend before a human notices. Implement:
- Per-agent daily and monthly spend ceilings
- Rate limits on resource creation (no more than N resources per hour)
- Automatic pause-and-alert when thresholds are approached
- Separate budgets for agent-provisioned vs human-provisioned infrastructure
3. Blast Radius Containment
If an agent goes rogue or gets compromised, how much damage can it do? Design for containment:
- Agent-provisioned resources in isolated accounts or projects
- No ability to modify existing production infrastructure
- Automatic tagging of agent-created resources for easy identification and cleanup
- Kill switches that can revoke all agent credentials instantly
4. Human-in-the-Loop for High-Impact Actions
Not every action needs human approval — that would negate the productivity benefits. But some actions absolutely should require it:
- Production deployments
- Domain purchases or DNS changes
- Any action that exposes services to the public internet
- Resource creation above defined cost thresholds
- Changes to security groups, firewall rules, or access policies
The pattern here is an approval queue where agents request permission for high-impact actions and pause until a human approves or denies.
5. Comprehensive Audit Trails
Every action an agent takes must be logged with full context: what was done, why (the prompt or goal that triggered it), which agent identity was used, and the complete chain of decisions that led to the action. This isn’t optional — it’s essential for incident response, compliance, and understanding agent behaviour over time.
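Spend caps and rate limits (point 2), the approval queue (point 4), and the audit trail (point 5) can sit in one gate placed in front of the provisioning API. This is an added sketch, not the article's or any provider's implementation; the class, action labels, and thresholds are hypothetical, and timestamps are passed in as seconds by the caller.

```python
from collections import deque
# Actions the article lists as needing human approval (labels are hypothetical).
HIGH_IMPACT = {"deploy_production", "purchase_domain", "change_dns",
               "expose_public", "change_firewall"}

class ProvisioningGate:
    """Per-agent gate: spend cap, creation rate limit, approval queue, audit log."""
    def __init__(self, agent_id, daily_cap, max_per_hour, approval_cost):
        self.agent_id = agent_id
        self.daily_cap = daily_cap          # hard ceiling; daily reset left to caller
        self.max_per_hour = max_per_hour    # "no more than N resources per hour"
        self.approval_cost = approval_cost  # cost above which a human must approve
        self.spent = 0.0
        self.created = deque()              # timestamps of committed creations
        self.pending = {}                   # request id -> held request
        self.audit = []                     # append-only decision log

    def _log(self, now, action, cost, goal, decision, actor):
        self.audit.append({"ts": now, "agent": self.agent_id, "action": action,
                           "cost": cost, "goal": goal, "decision": decision, "actor": actor})
        return decision

    def _limit(self, cost, now):
        while self.created and now - self.created[0] >= 3600:
            self.created.popleft()          # drop creations older than one hour
        if self.spent + cost > self.daily_cap:
            return "deny:spend_cap"
        if len(self.created) >= self.max_per_hour:
            return "deny:rate_limit"

    def request(self, action, cost, goal, now):
        denied = self._limit(cost, now)
        if denied:
            return self._log(now, action, cost, goal, denied, "gate")
        if action in HIGH_IMPACT or cost > self.approval_cost:
            rid = len(self.audit)           # index of the audit record written next
            self.pending[rid] = (action, cost, goal)
            return self._log(now, action, cost, goal, f"pending:{rid}", "gate")
        self.spent += cost
        self.created.append(now)
        return self._log(now, action, cost, goal, "allow", "gate")

    def resolve(self, rid, approver, approved, now):
        action, cost, goal = self.pending.pop(rid)
        # Human approval does not bypass the caps: limits are re-checked at commit.
        decision = (self._limit(cost, now) or "allow") if approved else "deny:human"
        if decision == "allow":
            self.spent += cost
            self.created.append(now)
        return self._log(now, action, cost, goal, decision, approver)
```

Every decision, including denials and held requests, lands in `audit` with the goal that triggered it and the actor who decided, which is the record incident response needs.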
The Chrome Problem: When Agents Install Without Consent
There’s a related pattern emerging that should concern every team: agents and AI systems that provision resources on your devices without explicit consent. Google Chrome recently made headlines for silently downloading a 4 GB AI model to users’ machines without asking. This is the same governance gap applied to end-user devices rather than cloud infrastructure.
The principle is the same: any system that provisions resources (whether cloud infrastructure or local storage) should require informed consent and provide clear opt-out mechanisms. If you’re building agents, don’t follow Chrome’s example. Be transparent about what your agents create and where.
What This Means for Your Team
Autonomous infrastructure provisioning by AI agents is not a future concern — it’s happening now. Teams that don’t adapt their governance frameworks will face:
- Shadow infrastructure — agent-created resources nobody knows about or maintains
- Cost blowouts — agents operating without financial constraints
- Security incidents — compromised agent credentials with overly broad permissions
- Compliance failures — inability to demonstrate who authorised what and why
The organisations that get this right will unlock genuine competitive advantage — faster deployments, lower operational overhead, and the ability to iterate at machine speed. But only if the governance keeps pace with the capability.
How REPTILEHAUS Can Help
We’re helping clients across Dublin and beyond design agent infrastructure governance frameworks — from identity architecture and spend controls to approval workflows and audit systems. Whether you’re just starting to experiment with AI agents or you’re already running them in production, we can help you build the guardrails that let you move fast without losing control.
Get in touch to discuss your agent infrastructure strategy.



