Public Preview: NetBox Validation Brings Continuous Compliance and Pre-Change Safety to the System of Record

Authors
Kris Beevers

NetBox Validation is now in Public Preview: continuous, control-mapped compliance and an automated safety guardrail on every human or agent-driven change, run offline against the NetBox system of record.

On June 11, NetBox Labs announced its infrastructure intelligence platform, a unified system that lets teams and AI agents model, see, act on, and govern infrastructure with confidence. Coinciding with NetBox’s 10th anniversary, the announcement includes NDX, NetBox Asset Lifecycle, NetBox Labs Platform MCP Server & Agent Skills, and NetBox Validation. Read the main blog post on this news for all the details.

The NetBox Labs platform is the system of record for what your infrastructure is supposed to be. NetBox Validation, now in Public Preview, puts that record to work in two ways: it produces continuous, control-mapped compliance evidence, and it checks that every change is safe before it ships.

NetBox Validation checks your change against intent, the network as it is supposed to be, not a discovered snapshot of the live network. That is a deliberate choice: NetBox Validation runs entirely offline against the system of record, with no SSH, no device credentials, and no network impact. There is no separate model to stand up, and NetBox Validation can check substantial environments in seconds.

Why we’re building NetBox Validation

Compliance is going continuous. The quarterly audit, assembled by hand from screenshots and spreadsheets, is giving way to always-on evidence that teams can produce on demand and map to the specific controls auditors cite. Network and infrastructure controls like segmentation, redundancy, and routing policy live in the network or datacenter design, so that evidence has to come from the system of record, not a general-purpose compliance platform.

At the same time, network change is adopting software engineering’s safety discipline. Branching, diffs, and review have arrived in infrastructure operations, but a staged change still needs an automated gate that catches problems before merge, the way CI gates code. Manual review misses the cross-object and fleet-wide issues that turn into outages and rollbacks. And critically, manual review won’t keep up with the accelerating pace of infrastructure change driven by agentic operations. Agents need pre-change guardrails for safety and self-correction, especially in critical infrastructure environments.

A change that clears manual review and still drops a segment, or a compliance gap an auditor surfaces months later, is the kind of expensive surprise teams can no longer absorb. NetBox Validation addresses both, from inside the platform you already run, before the changes hit the network.

NetBox Validation: What’s available now

Continuous compliance

Install a compliance framework pack, such as NIST 800-53 or PCI-DSS, and get a control-mapped baseline in minutes. Per-device scoring, scheduled runs, and trend tracking give you audit-ready evidence on demand, instead of assembling it by hand each quarter.

Pre-change safety

NetBox Validation runs automatically according to configurable triggers – like when you submit a change request for review, or on branch merge – and it is API-first, easily tied into CI/CD pipelines. It catches the risks a reviewer hopes to spot by eye: dropped redundancy, duplicate IPs, BGP misconfigurations, lost reachability, and new single points of failure. It blocks the merge until the change passes. 

Because NetBox Validation runs offline against your NetBox Labs platform data, the depth of each check grows with the completeness of your model, and running NetBox Validation is fast – perfectly tailored for heavily automated or agent-driven environments.

Guardrails for AI agents

NetBox Validation is agent-native, with policies and workflows available to AI agents through the NetBox Labs Platform MCP server. An agent proposing a new VLAN can run NetBox Validation on the branch, see that it failed a segmentation policy, and correct itself before a human is ever interrupted to review the change, enabling confidence in agentic operations. Agents are increasingly driving real infrastructure workflows, and NetBox Validation is a major unlock that delivers safety for autonomous infrastructure operations.

How NetBox Validation works

NetBox Validation runs against your NetBox data and rendered configs, never the live network, and checks a proposed change three ways:

  • policy compliance (intent measured against organizational and regulatory policy)
  • configuration structure (rendered configs analyzed for reachability, routing, BGP, and ACL issues)
  • physical resilience (power chains, blast radius, and single points of failure). 

Hundreds of checks are built in, along with 8 compliance framework policy packs including NIS2/DORA, ISO 27001, NIST-800, NERC CIP, and more.

Availability and setup

NetBox Validation is a commercial capability for the NetBox Labs platform, and full packaging and pricing will be shared as we approach GA. It’s available on NetBox Cloud today, with support for NetBox Enterprise (self-hosted) coming in the future.

Policy and compliance checks work against your existing NetBox Labs platform data with no extra setup; configuration checks come online once you have Config Templates, and resilience checks fill in as your power, cabling, and circuit data matures. You can start with policy and compliance, then expand over time.

How to get hands-on

Existing NetBox Cloud customers

Reach out to your account executive or customer success manager to opt into the Public Preview. They’ll help you assess which checks are active for your data, install your first framework pack, and connect you with the product team for feedback.

Not on NetBox Cloud yet?

Request a demo and we’ll walk through Validation alongside a broader platform conversation.