Clara Copilot AI builds a secure, scalable foundation for defense AI with Gruntwork

Clara Copilot AI is a defense technology startup that's building an AI-enabled command center for influence and information dominance. Their technology supports psychological operations, civil affairs, and intelligence teams across the U.S. Department of Defense. Clara applies generative AI and automation to interpret real-time global events, disinformation campaigns, and doctrinal sources (e.g. policies and guidelines) to help defense leaders make informed decisions.

As a lean startup with high compliance requirements, Clara had to deliver quickly without compromising on security or infrastructure clarity. Co-founder and CTO Tyson Myhres handled DevOps responsibilities in addition to his engineering and executive roles, making manual infrastructure management unsustainable. The need to standardize deployments, improve audit readiness, and stay focused on product delivery led Clara to Gruntwork.

The startup CTO challenge: “I don’t have time to DevOps”

When Clara launched, infrastructure was stitched together with clickops, some rudimentary Terraform, and a contractor-built Kubernetes cluster. Tyson knew the risks of this approach, especially in a national security context, but with competing responsibilities ranging from compliance to proposal writing to engineering management, he didn’t have the bandwidth to build robust infrastructure from scratch.

Clara’s primary customer, the U.S. Special Operations Command (SOCOM), required alignment with strict standards like NIST 800-171 and FedRAMP. Commercial tools that abstracted infrastructure behind proprietary portals didn’t meet Clara’s need for transparency, hands-on control, or auditability. Tyson needed reusable patterns, not another black box.

In fact, he chose Gruntwork for a simple reason: “I wanted infrastructure that didn’t fall apart, but I didn’t have time to build it myself.”

Self-serve IaC that just works and keeps on scaling

Tyson began using Gruntwork’s service catalog to establish a solid infrastructure foundation on AWS. Rather than spending weeks writing and debugging Terraform code from scratch, he could drop in production-grade modules with best-practice defaults. Later, he adjusted only what needed to change.

He described the experience as using infrastructure LEGO: “The modules are like LEGO pieces, but what I needed was a whole city. Gruntwork gave me the city.”

Some of the biggest wins included:

• Cross-account resource management: Tyson configured DNS and ECR once and reused those patterns across environments without re-engineering them.
• Security by default: Because modules aligned with AWS CIS benchmarks, Clara gained an early edge on compliance efforts. This was critical for building trust with federal stakeholders.
• Zero lock-in: Unlike portal-based offerings, Gruntwork let Tyson read the code, understand it, and modify it directly, keeping him in full control of what was running and why.
• Usable documentation: Gruntwork’s documentation gave him a clear path to avoid constantly reaching out for support, even as a solo operator.

Within just a few weeks of Clara’s initial onboarding, infrastructure was no longer a liability and became a core strength. Tyson shares: “Infrastructure used to feel like a time sink. With Gruntwork, I can deploy what I need, when I need it, and get back to the rest of the job.”

From startup chaos to security credibility

Clara’s infrastructure overhaul needed to be fast and trustworthy. As the company prepares for FedRAMP audits in anticipation of an official ATO (Authorization to Operate) designation, Tyson must demonstrate adherence to frameworks like NIST 800-171. Gruntwork’s opinionated defaults gave Tyson the confidence that his infrastructure could pass inspection, even if some modules would require tailoring.

That confidence paid off. In a meeting with SOCOM’s S&T senior leadership, one of the first questions was about Clara’s security posture. Tyson explained the use of Gruntwork and the AWS CIS controls, showcasing a mature DOD-focused security posture through Gruntwork's integrated AWS CIS Benchmark controls. “Presenting this level of compliance preparation during discovery conversations positioned us to essentially bypass typical prerequisite lines of questioning and advance directly to substantive discussions about mission impact and value delivery.”

That brief moment signaled a major milestone: being seen as a credible AI company and platform provider for mission-critical systems.

Clara’s quantitative shift has been clear:

• No more tribal knowledge: Codified infrastructure patterns reduce risk if personnel changes.
• Fewer mistakes: Proven modules mean fewer late-night debugging sessions.
• Stronger compliance posture: Clara is now “well underway” in preparing for audits that most early-stage startups avoid entirely.

For Tyson, Gruntwork has Clara “closer to audit-ready than companies 10x our size, and that’s all thanks to Gruntwork's dedication to standardized best practices and security compliance.”

Scaling the platform without scaling headcount

There’s still a long roadmap ahead, which includes pipeline automation , drift detection, expanding coverage using Stacks, and collaboration on features to streamline NIST compliance. Tyson is exploring ways to integrate Clara’s infrastructure planning more directly into the company’s broader AI and cybersecurity initiatives.

For now, Gruntwork remains his “infrastructure toolkit in a box” as a practical, powerful way to do enterprise-grade DevOps with startup-level resources. He adds, “Gruntwork isn’t a managed service where you click and hope for the best. It’s a well-documented, modular, and customizable foundation, which is exactly what I need to build Clara’s future.”

‍