Bugz

Hey Product Hunt!

I've spent years watching DevOps teams wrestle with a fundamental tension: AI tools are incredible at generating infrastructure code, but they want your cloud credentials. That's a non-starter for most security-conscious organizations.

Here's the uncomfortable truth: every time you paste your AWS keys into an AI tool or grant it cloud access, you're trusting that service with the keys to your kingdom. One breach, one rogue employee, one misconfigured backend—and your entire infrastructure is exposed.

That's why we built Bugz (/Bugzeè/) with a split-credential architecture from day one.

Your AWS/GCP/Azure credentials never leave your machine. Ever. The AI backend only sees sanitized context we even tokenize IP addresses, ARNs, and hostnames before anything hits our servers. The "brain" (AI) proposes actions, but the "body" (your local CLI) executes them with your credentials, under your control.

What Bugz actually does:
- Generate Terraform/IaC through natural conversation
- Auto-scan with multiple IaC Scanners with consolidated reports and remediation steps.
- AI-powered remediation of security findings
- Human-in-the-loop deployment approval
- Multi-cloud support (AWS, GCP, Azure)
- Compliance-ready for HIPAA, SOC2, PCI-DSS

We think of it as "Claude Code for DevOps", a conversational co-pilot that can actually do things, not just suggest them.

What I'd love feedback on:
- What security scanners or compliance frameworks matter most to you?
- Are there specific cloud workflows that are painful today?
- Would you prefer self-hosted or managed backend options?

We're building this in the open and genuinely want to hear what would make Bugz useful for your team.

Thanks for checking us out!

— The Bugz Team