
AI Is Writing 41% of Your Code. Who's Reviewing It?
Forty-one percent of all new code committed globally is now AI-generated or AI-assisted. That number comes from Sonar's 2025 developer survey of 1,100 developers, and the trajectory points in only one direction — the average team expects to hit 65% within two years. Google reports that 25–30% of new code at Google is already AI-generated. Gartner projects that by 2028, 75% of enterprise software engineers will use AI code assistants, up from less than 10% in early 2023.
The speed is real. So is the debt.
A March 2026 empirical study by Liu et al. analyzed 304,362 verified AI-authored commits across 6,275 GitHub repositories and found that unresolved technical debt from AI-generated code climbed from a few hundred issues in early 2025 to over 110,000 surviving issues by February 2026. Almost a quarter of all tracked AI-introduced issues, 24.2%, still persist at the latest repository snapshot.
The question isn't whether your team is using AI to write code. They are. The question is whether your development process has the structural capacity to absorb what AI produces, at the speed it produces it.
What does AI-generated technical debt actually look like?
It doesn't seem to match the technical debt you're used to managing.
Traditional debt accumulates incrementally - deferred refactoring, skipped tests, shortcuts taken under deadline pressure. The developer who took the shortcut usually knows they took it. AI-generated debt is different. GitClear's analysis of over 211 million changed lines of code between 2020 and 2024 shows a 60% decline in refactored code as AI tools proliferated. Developers are favoring feature velocity over codebase health because the AI-assisted workflow makes it frictionless to add features and costly to reconsider them.
Ox Security's 2025 analysis of more than 300 repositories identified ten recurring anti-patterns present in 80–100% of AI-generated code: incomplete error handling, weak concurrency management, inconsistent architecture, missing input validation, and others. Their characterization is precise: AI-generated code behaves like the output of talented junior developers without architectural oversight.
CodeRabbit's analysis of 470 open-source pull requests found that AI-co-authored code had 1.7 times more major issues than human-written code, with elevated rates of logic errors, flawed control flow, and misconfigurations 75% more common than the human baseline. The code compiles. It runs. It passes the tests that were also generated by AI. Then it enters a codebase where someone will eventually need to understand, maintain, and extend it.
Why do developers feel faster but deliver slower?
This is the perception gap that engineering leaders need to understand, because it drives organizational decisions about tooling and headcount.
A 2025 study by METR examined experienced developers working within mature, complex codebases under the conditions most professional teams actually operate in. The results inverted expectations: actual task completion was 19% slower with AI tools, despite developers perceiving a roughly 20% speed improvement. That 39–44% gap between perception and measurement traces to two cognitive patterns. Developers tend to accept AI output with less scrutiny than code they write themselves, a well-documented automation bias. And because AI eliminates the typing, developers underestimate the cognitive load that remains: reviewing structure, verifying logic, testing edge cases, and integrating output into an existing system.
Stack Overflow's 2025 developer survey captures the same tension from a different angle. 84% of developers use or plan to use AI tools, yet only 29% trust the accuracy of AI-generated results. This is down 11 points from the prior year. Usage is rising while trust is falling. That's developers encountering, at scale, what the productivity data already shows: the output looks like progress, but requires verification that erodes the speed advantage.
The confidence inversion is particularly concerning. Qodo's survey of 609 developers found that junior developers (under two years of experience) report the lowest quality improvements from AI tools (51.9%) but the highest confidence in shipping AI code without review (60.2%). Senior developers see higher quality gains (68.2%) but are far less confident shipping unreviewed code (25.8%). The people least equipped to evaluate AI output are the most willing to ship it untouched.
What happens at month 12?
The first three months of AI coding adoption feel like a breakthrough. Feature velocity spikes. Sprint commitments land. The dashboard looks great.
Then the compounding starts.
LinearB's 2026 Software Engineering Benchmarks Report found that while pull requests per developer increased 20% with AI assistance, incidents per pull request increased 23.5%. Review times climbed 91%. AI-generated PRs waited 4.6 times longer for review than human-authored ones because reviewers are spending more time, not less, verifying output they didn't write and can't immediately reason about.
The longitudinal data from the Liu et al. study reinforces this: technical debt from AI-generated code doesn't plateau. It compounds. The cumulative volume of unresolved issues grew rapidly and continuously through their observation period. At 37.25 surviving issues per 100 AI-authored commits, the debt accrues faster than most teams can service it.
Forrester projects that 75% of technology decision-makers will face moderate-to-severe technical debt by 2026 from AI-speed development practices. Gartner goes further: by 2028, prompt-to-app approaches will increase software defects by 2,500% in the absence of governance controls. That's not a forecast about AI capability. It's a forecast about organizational readiness, or the lack of it.
What separates the top 20% of teams?
Not the tools. The structure around the tools.
The teams that avoid hitting the wall, typically 12–18 months in, where compounding debt stalls delivery, share three practices. First, they track AI-touched code separately and apply AI-specific quality gates, including security scanning, dependency checking, and complexity thresholds tuned to catch what AI tools are likely to miss. Second, they measure quality and speed together, not output volume in isolation. The metrics that matter in 2026 are code churn rate, change failure rate split by AI vs. human contributions, pull request revert rates, and explicit rework ratios. Third, they enforce governance structurally through CI/CD pipeline integration rather than through policy documents that rely on individual developer judgment about what needs closer review.
NIST's AI Risk Management Framework provides the conceptual foundation: the Govern and Map functions call for oversight of AI systems and mapping of risks across organizational processes. NIST SP 800-218A extends the Secure Software Development Framework specifically to AI-generated code. The governance frameworks exist. The gap is in implementation, specifically, in embedding those frameworks into development workflows where AI code is actually produced and shipped.
Structured methodology isn't optional anymore
The market response to AI code quality has been predictable: more scanners, more dashboards, more retrospective detection. Those tools find problems. They don't prevent them. And they don't address the structural gap - the absence of architectural judgment, business context, and quality-gate enforcement that experienced engineering teams apply by default.
ARKAVUS-Dev™ was built to address that structural gap. It's not a scanner. It's a structured development methodology that includes quality gates, governance constraints, and architectural standards embedded into the development process at the point where code is produced, not after it's committed. ARKAVUS-Dev was used to build ERIGO-OS™ and the entire ARKAVUS platform. The methodology produces the product. The product validates the methodology.
The organizations that will ship fast and stay fast are the ones building structure now - while the code is still reviewable and the debt is still serviceable. The ones that wait will spend 2027 rebuilding systems they stopped understanding six months after they shipped them. That cost compounds faster than anyone budgets for.
That's not a prediction. It's arithmetic.
Brian Morgan is the Founder & CEO of SMB Accelerators, Inc. and the architect of the ERIGO platform — an integrated governance, assessment, and runtime enforcement system for AI in federal and enterprise environments. He brings 20+ years of federal IT leadership, including serving as an IT Director at the VA ($100M+ budget, ~300 staff) and in senior positions at ManTech, Perspecta, and Agile Six. He is a published AMIA author, 2011 EHR Game Changer Award recipient, and holds FEAC CEA and FAC P/PM Senior credentials.
Explore ERIGO-OS → · Explore ERIGO-AI → · Book a call →
Sources
Sonar, "Developer Survey 2025," 2025 — via buildmvpfast.com
Gartner, "75% of Enterprise Software Engineers Will Use AI Code Assistants by 2028," April 2024 — gartner.com
Liu et al., "Debt Behind the AI Boom: A Large-Scale Empirical Study of AI-Generated Code in the Wild," arXiv, March 2026 — arxiv.org
GitClear, "AI Code Quality Analysis (2020–2024)," 2025 — via codebridge.tech
Ox Security, "Army of Juniors: The AI Code Security Crisis," October 2025 — infoq.com
CodeRabbit, "Open-Source AI Code Quality Analysis," December 2025 — via Wikipedia/Vibe coding
METR, "AI Developer Productivity Study," 2025 — via codebridge.tech
Stack Overflow, "Closing the Developer AI Trust Gap," February 2026 — stackoverflow.blog
Qodo, "Developer Survey (609 respondents)," 2025 — via buildmvpfast.com
LinearB, "2026 Software Engineering Benchmarks Report," 2026 — via byteiota.com
Forrester, "Technology Decision-Maker Technical Debt Forecast," 2025 — via buildmvpfast.com
Gartner, "Predicts 2026: AI Potential and Risks Emerge in Software Engineering Technologies," December 2025 — armorcode.com
NIST, "AI Risk Management Framework — Govern Function," 2025 — airc.nist.gov
NIST, "SP 800-218A: Secure Software Development Practices for Generative AI," 2025 — nvlpubs.nist.gov
