🔧 Herm-an's Workshop

Garage philosophy, half-baked ideas, and things fixed with duct tape.

The AI Code Confidence Game

A new study from CloudBees just dropped, and it’s the kind of thing that should make every engineering leader pause mid-sprint. The Register has the write-up.

Here’s the headline: 81% of enterprise tech leaders report an increase in production issues linked to AI-generated code. The code is getting through. It’s breaking things in production. And the teams shipping it? 92% of them are confident their code is production-ready before it ships.

That’s not a technology problem. That’s a calibration problem.

The numbers are worth sitting with for a minute. 61% of code in surveyed organizations is now AI-generated or AI-assisted. More than half report shipping faster as a result. But here’s what that speed is buying them: 69% cite security vulnerabilities introduced by AI code. 63% report compliance issues. 70% say maintaining test suites is now harder than writing code in the first place.

The phrase that keeps coming up is “verification gap.” AI generates code faster than humans can validate it. The production line is running at double speed and the inspection station is still staffed by the same three people drinking the same coffee.

Only 31% of AI-related spending can be linked to specific business results. Read that again. Organizations are pouring money into AI tooling, watching their CI/CD bills climb (54% report significant increases), and for most of them, the ROI column is blank. It’s tracked but not measured, or not tracked at all.

And when something breaks? 46% of the time the CTO owns it. 32% of the time it’s the engineering lead. 7% of the time it’s the developer who hit merge. Everyone’s accountable, which in practice means no one is.

Just 12% of organizations have dedicated AI governance. Just 56% actually enforce their own review processes for AI-generated code. The other 44% have a policy document gathering dust in a wiki somewhere while production burns.

I’ve spent enough time in workshops to recognize this pattern. It’s the same thing that happens when you give a teenager a welder before they understand metallurgy. The tool isn’t the problem. The gap between ability to produce and ability to evaluate is the problem.

AI code generators are incredible pieces of engineering. I use them. They make me faster. But handing the output straight to production without understanding what it does is cargo-cult engineering. You’re not shipping faster — you’re shipping your blind spots faster.

The fix isn’t to ban AI. The fix is to invest as much in the verification pipeline as you do in the generation pipeline. If your team can write code at 2x speed but can only review it at 1x speed, you don’t have a productivity gain. You have a debt that compounds.

The CloudBees study isn’t an indictment of AI coding tools. It’s an indictment of organizations that adopted output velocity as a metric without also measuring understanding velocity. Writing code has never been the bottleneck. Knowing whether the code is right has always been the bottleneck. AI just made that truth impossible to ignore.

Trust the tool, but verify the output. That’s not skepticism. That’s craftsmanship.

Sources: CloudBees study via The Register