Assessing the Impact of AI-Augmented DevSecOps on Lead Time in Agile Release Management

Background Despite increasing interest in generative artificial intelligence (AI) within DevSecOps environments, empirical evidence quantifying its impact on software delivery performance remains limited, particularly in regulated enterprise contexts. Lead time for changes is a core DevSecOps performance indicator, yet controlled evaluations of AI-augmented pipelines remain scarce. This study investigates whether on-premises generative AI integration can measurably reduce release lead time while preserving governance and quality controls. Methods A quasi-experimental within-team design was conducted across two consecutive two-week Scrum sprints in an enterprise environment developing internal sales, human resource, and biometric absence systems. Sprint 1 served as the baseline using a conventional DevSecOps pipeline. Sprint 2 introduced an AI-augmented pipeline integrating Retrieval-Augmented Generation (RAG) and Reinforcement Learning from Human Feedback (RLHF) within a GitLab–Docker CI/CD infrastructure. The primary outcome was lead time for changes. Secondary metrics included deployment frequency and change failure rate. Statistical analysis employed Welch’s t-test, effect size estimation (Cohen’s d), and confidence interval analysis. Results A total of 42 distinct changes (21 per sprint) were analyzed. Mean lead time decreased by 39.2% during the intervention sprint (Welch’s t(32.4) = 4.28, p = 0.00014), with a large effect size (Cohen’s d = 1.32) and a 95% confidence interval indicating a reduction of 15.8–37.4 hours. Security scanning time decreased by 64.6%, and approval latency decreased by 48.5%. Deployment frequency increased by 61.9%, while change failure rate declined from 14.3% to 8.7%. AI recommendation acceptance improved from 62.4% in Week 1 to 78.6% in Week 2 and was positively correlated with lead-time reduction (r = 0.73, p < 0.05). Conclusions On-premises human-in-the-loop generative AI significantly reduced DevSecOps lead time without compromising reliability or governance. The findings challenge the traditional speed–security tradeoff by demonstrating that AI-assisted security validation and release evaluation can simultaneously enhance delivery efficiency and operational stability in regulated enterprise environments. This study examines the influence of on-premises generative AI augmentation on DevSecOps release lead time within agile software development settings. Despite increasing interest in generative artificial intelligence (AI) within Development-Security-Operations (DevSecOps) environments, empirical evidence quantifying its impact on software delivery performance remains limited, particularly in regulated enterprise contexts. Lead time for changes is a core DevSecOps performance indicator, yet controlled evaluations of AI-augmented pipelines remain scarce. This study investigates whether on-premises generative AI integration can measurably reduce release lead time while preserving governance and quality controls. A quasi-experimental within-team design was conducted across two consecutive two-week Scrum sprints in an enterprise environment developing internal sales, human resource, and biometric absence systems. Sprint 1 served as the baseline using a conventional DevSecOps pipeline. Sprint 2 introduced an AI-augmented pipeline integrating Retrieval-Augmented Generation (RAG) and Reinforcement Learning from Human Feedback (RLHF) within a GitLab–Docker CI/CD infrastructure. The primary outcome was lead time for changes. Secondary metrics included deployment frequency and change failure rate. Statistical analysis employed Welch’s t-test, effect size estimation (Cohen’s d), and confidence interval analysis. A total of 42 distinct changes (21 per sprint) were analyzed. Mean lead time decreased by 39.2% during the intervention sprint (Welch’s t(32.4) = 4.28, p = 0.00014), with a large effect size (Cohen’s d = 1.32) and a 95% confidence interval indicating a reduction of 15.8–37.4 hours. Security scanning time decreased by 64.6%, and approval latency decreased by 48.5%. Deployment frequency increased by 61.9%, while change failure rate declined from 14.3% to 8.7%. AI recommendation acceptance improved from 62.4% in Week 1 to 78.6% in Week 2 and was positively correlated with lead-time reduction (r = 0.73, p < 0.05). On-premises human-in-the-loop generative AI significantly reduced DevSecOps lead time without compromising reliability or governance. The findings challenge the traditional speed–security tradeoff by demonstrating that AI-assisted DevSecOps validation and release evaluation can simultaneously enhance delivery efficiency and operational stability in regulated enterprise environments.