Analyst(s): Mitch Ashley
Publication Date: October 14, 2025
What is Covered in this Article:
- HashiCorp introduced Project Infragraph, a real-time data graph for policy-aware AI and agentic automation.
- The launch of Terraform MCP Servers establishes a governed interface for AI agents to interact with infrastructure-as-code.
- New features like HYOK encryption and Terraform Stacks support Day-2 operations and enterprise-scale security.
- Security products like Vault gain new features, including protected secrets and IDE scanning. Boundary adds RDP credential injection (beta) and Vault Radar Jira SaaS scanning (GA) + IDE plugin (beta). Vault Enterprise 1.21 adds VSO-protected secrets and SPIFFE integration (announced) for enhanced application security.
- These announcements lay a roadmap to connect with IBM watsonx and Red Hat platforms, unifying automation and AI across the portfolio.
The Event – Major Themes & Vendor Moves: At HashiConf 2025, HashiCorp shifted its narrative from theoretical vision to a tangible roadmap for “agentic infrastructure.” This new direction centers on creating automation systems that can autonomously reason, act, and enforce policy.
The core announcement was Project Infragraph (private beta, December 2025), a centralized, trusted data substrate that is what AI and autonomous agents need for safe and contextual action. A real-time infrastructure graph living within the HashiCorp Cloud Platform (HCP). Infragraph is designed to unify infrastructure state, configuration, policy, and ownership metadata across disparate hybrid and multi-cloud environments.
To agent-enable this strategy, HashiCorp introduced Terraform, Vault, and Vault Radar MCP servers that expose secure, auditable RBAC endpoints for AI agents. HashiCorp announced MCP servers for Terraform, Vault, and Vault Radar to enable secure, auditable, role-scoped agent access, turning core HashiCorp products into controlled execution environments for AI-driven workflows.
Terraform Stacks (GA) for multi-workspace orchestration, HCP Terraform Actions (beta) for Ansible integration, and HYOK (GA) for artifact encryption underscore a push into governed Day-2 operations.. These updates underscore a commitment to continuous operational governance, not just initial provisioning.
IBM HashiCorp Stakes Its Claim to Agentic Infrastructure
Analyst Take: HashiCorp is making a definitive play to be the standard for agentic infrastructure in the enterprise. Grabbing the mantle of agentic infrastructure is a bold move for any company, one that must be backed up with the ability to deliver, lest it be tossed onto the AI-hype scrap heap.
Agentic operations require far more than configuration files; they need real-time situational awareness. Infragraph unifies state, topology, ownership, and policy across hybrid clouds, giving agents the necessary context to reason about complex infrastructure management.
Architecturally, Project Infragraph and the new MCP Servers combination effectively establishes the foundation of an infrastructure AI-Control plane optimized for machine reasoning, no longer limited to traditional human-centric interfaces and procedural automations. Terraform Stacks orchestrate agents implementing changes while enforcing policies via Terraform and MCP servers, and Vault security controls.
Technological achievements alone are insufficient to win over and build operational trust in agentic AI by enterprise infrastructure and operations organizations.
Bring The Bona Fides
This wave of agentic infrastructure announcements marks the first major strategic and product articulation strongly leaning into the strengths of the combined IBM and HashiCorp entities, an alignment that became feasible following recent organizational changes.
This strategic move is massively credible given IBM’s decades-long, deep expertise in managing very large, complex enterprise IT infrastructure. Moreover, AI is not a new phenomenon at IBM, which brings added credibility and institutional trust as HashiCorp implements agentic infrastructure and operations.
It’s also notable that this is more than a narrow HashiCorp product announcement; it seamlessly bridges capabilities across Red Hat OpenShift, Ansible, HashiCorp, and IBM offerings, representing a strong step toward delivering on the benefits expected from the Red Hat and HashiCorp acquisitions.
HashiCorp’s announcements brings a significant strategic lift to IBM, extending its enterprise automation reach directly into the rapidly developing agentic infrastructure space. By introducing Project Infragraph and the MCP servers, IBM gains a unified framework where configuration, security, and operational data converge into a single, reasoned graph.
This will be critical to IBM’s go-forward mission to continue leaning into the benefits of this combined technology architecture, deep enterprise knowledgebase, and customer trust, especially with quantum computing on the horizon.
What to Watch:
- Project Infragraph remains in private beta, requiring close monitoring of its development and integration timelines, especially with key IBM and Red Hat tooling.
- Multi-cloud is extremely important to customers and partners. Maintaining HashiCorp’s historical vendor neutrality will be a difficult balancing act while simultaneously pursuing IBM-focused integration strategies.
- Potential Competitive Moves
- Google Cloud may look to extend its Cloud Operations Suite with graph-based intelligence that could eventually inform Gemini models.
- Microsoft Azure could explore deeper integration with Microsoft Entra ID (Azure AD) to enable stronger identity verification and auditing for agent-driven infrastructure actions.
- AWS is expected to strengthen AgentCore’s governance-as-a-service by integrating agent policies directly with AWS Organizations and Service Control Policies (SCPs) for centralized control.
See the complete press release covering announcements made during HashiConf 2025.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other insights from Futurum:
Futurum Signal Software Development Platforms
Efficiency & Innovation: IBM LinuxONE for Modern Workloads
IBM TechXchange 2025: The Real Headliner is Data, Not AI
Image Credit: HashiCorp
Author Information
Mitch Ashley is VP and Practice Lead of Software Lifecycle Engineering for The Futurum Group. Mitch has over 30+ years of experience as an entrepreneur, industry analyst, product development, and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products utilized in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for broadband, Wi-Fi, IoT, energy management and 5G industries, product certification test labs, an online SaaS (93m transactions annually), and the development of video-on-demand and Internet cable services, and a national broadband network.
Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on futurumgroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.
