AI-Generated Code Is Spreading Faster Than Our Ability to Govern It

Written By Paul Nickerson

AI code is shipping more defects — and the accountability gap is widening. A recent study suggests AI-assisted code is shipping with around 1.7x more defects than code written entirely by humans.

That’s interesting. But it isn’t the main issue.

The real question is simple: when that code breaks, who actually owns it?

For years, software delivery has rested on an assumption. If you wrote the code, you understood it. And if you understood it, you could explain it under scrutiny — in a review, in production, or in an incident call.

That assumption sits underneath almost every safeguard we rely on: code review, CI pipelines, linting, staging environments, and peer review culture.

It is now weakening.

Scale

GitHub’s 2025 Octoverse data suggests that among Copilot users, roughly half of code written is now AI-assisted or AI-generated.

Separate analysis from CodeRabbit, reviewing hundreds of real pull requests, found AI-generated code carrying significantly more issues than human-written equivalents — including logic errors, security concerns, and performance regressions.

This is no longer experimental. It is already in production systems across the industry, including in the UK.

Code review

When AI generates a large portion of a change, and a human approves it after a quick scan because the tests pass, code review starts to change function.

It becomes verification of output rather than evaluation of intent.

Tests confirm behaviour under known conditions. Linters enforce consistency. Static analysis catches patterns. None of them confirm whether the system actually does what the product intended in the real world.

So the process still looks robust. But the depth of understanding behind it is thinner.

The reviewer is no longer validating something they fully understand end-to-end. They are validating something they did not write and may not fully reconstruct.

Ownership

Traditional “slop code” had a clear origin. Even when the quality was poor, there was always someone who could be asked what it was meant to do.

AI-generated code breaks that chain in a subtle way.

Now you often have:

  • a model generating the implementation

  • an engineer approving it

  • and a team inheriting it

None of those roles map cleanly to end-to-end understanding.

Responsibility becomes distributed, and in practice it tends to drift toward whoever is closest to the outcome rather than the code itself.

That is a structural change we are seeing.

Chaneges in code review

Code review is often about transferring understanding across a team.

That function weakens when no single person fully owns the mental model of what the code is doing.

The process still works mechanically. But cognitively, it starts to degrade.

More changes pass through because nothing breaks immediately, not because the system is fully understood.

Responsibility

As code generation accelerates, responsibility shifts away from authorship and towards definition of intent.

The people closest to product definition — often product managers and technical leads — become the only ones consistently positioned to answer:

  • What was this supposed to do?

  • What edge cases matter to users?

  • What does “correct” actually mean in practice?

  • What trade-offs were acceptable?

Engineering is no longer the bottleneck for output. Clarity of intent is.

Constraints

The question used to be: how fast can we write code?

It is now: how clearly can we define what the code should achieve?

If that definition is weak, AI will still produce something that compiles, passes tests, and ships — but may not solve the right problem.

That is the risk profile teams are quietly moving into.

The way forward?

If this direction continues, three things matter more than tooling:

1. Better specification discipline

Ambiguity is now amplified, not absorbed. Weak requirements become fast, wrong implementations.

2. Evaluation beyond testing

Passing tests is not enough. Teams need stronger validation of real-world behaviour and edge cases.

3. Explicit ownership of intent

Someone must own the “why” of a system, not just the “what was merged”.

The question teams need to answer

The industry is moving quickly towards a world where large parts of the codebase are generated rather than written.

That is not inherently a problem.

The problem is whether anyone can still explain, clearly and consistently, why the system behaves the way it does when something goes wrong.

Because in the end, debugging was always about understanding intent.

And intent is exactly what is getting diluted.

Paul Nickerson

I’m Paul Nickerson, a former digital consultant now working in-house, with 20+ years’ experience across eCommerce, public sector and B2B. I’ve supported organisations including , Morrisons, Barbour, Kcom and Giacom, alongside SMEs and agencies, delivering platform migrations, digital product development and performance improvement work.

I focus on practical delivery and getting things shipped, not theory. Based in East Yorkshire, I’m also editor of the Beverley Review, a school governor, and a former local councillor and non-executive director at NHS Digital.

http://www.nickersonco.co.uk
Next

10 Secrets of B2B Site Search