Evaluating the Impact of Reinforcement Learning on Autonomous CI/CD Workflow Optimization
Abstract
The convergence of DevSecOps and generative artificial intelligence (AI) marks a transformative paradigm in contemporary software engineering, in which security is no longer a static checkpoint but an adaptive, continuous, and intelligent process integrated into the entire software delivery pipeline. This paper explores the evolving role of large language models (LLMs), such as GPT and CodeBERT, in automating the detection and remediation of security vulnerabilities within code repositories. As organizations increasingly adopt Infrastructure-as-Code (IaC), microservices, and distributed development practices, the complexity and scale of codebases have made manual code review and conventional static analysis tools insufficient for real-time, scalable security assurance. LLMs, with their capacity to comprehend, generate, and reason over code and natural-language artifacts, offer a powerful augmentation to DevSecOps workflows. This study critically examines the architecture, training paradigms, and capabilities of LLMs in context-aware vulnerability identification, contextual code explanation, and automated patch generation. By leveraging transfer learning and fine-tuning on curated vulnerability datasets such as CWE (Common Weakness Enumeration) and CVE (Common Vulnerabilities and Exposures), LLMs can serve as intelligent assistants that proactively identify insecure coding patterns and suggest compliant, secure alternatives in accordance with secure coding standards such as OWASP ASVS. Furthermore, we present empirical insights from experiments integrating LLMs into continuous integration/continuous deployment (CI/CD) pipelines, showing improved detection precision, reduced time-to-remediation, and decreased developer cognitive load.
In addition to technical evaluations, the paper reflects on the socio-technical implications of delegating security-critical tasks to AI agents, including challenges related to model explainability, false positives, bias in training data, and compliance with privacy and auditability standards. The findings affirm that the fusion of DevSecOps and generative AI is not merely an augmentation but a redefinition of how secure software is conceptualized, built, and maintained. This work contributes a foundational understanding of LLM-driven security augmentation and outlines a roadmap for future research at the intersection of secure software engineering, AI ethics, and operational scalability.