diff --git a/packages/@aws-cdk/cx-api/lib/features.ts b/packages/@aws-cdk/cx-api/lib/features.ts
index 986be7f4e136b..37c9aace0ce86 100644
--- a/packages/@aws-cdk/cx-api/lib/features.ts
+++ b/packages/@aws-cdk/cx-api/lib/features.ts
@@ -220,6 +220,6 @@ const FUTURE_FLAGS_DEFAULTS: { [key: string]: boolean } = {
   [CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021]: false,
 };
 
-export function futureFlagDefault(flag: string): boolean {
+export function futureFlagDefault(flag: string): boolean | undefined {
   return FUTURE_FLAGS_DEFAULTS[flag];
 }
diff --git a/packages/@aws-cdk/cx-api/test/features.test.ts b/packages/@aws-cdk/cx-api/test/features.test.ts
index 2aaa774b7b1c5..afc9c0838d7da 100644
--- a/packages/@aws-cdk/cx-api/test/features.test.ts
+++ b/packages/@aws-cdk/cx-api/test/features.test.ts
@@ -7,6 +7,10 @@ test('all future flags have defaults configured', () => {
   });
 });
 
+test('futureFlagDefault returns undefined if non existent flag was given', () => {
+  expect(feats.futureFlagDefault('non-existent-flag')).toEqual(undefined);
+});
+
 testLegacyBehavior('FUTURE_FLAGS_EXPIRED must be empty in CDKv1', Object, () => {
   expect(feats.FUTURE_FLAGS_EXPIRED.length).toEqual(0);
 });