AI Is Writing Too Much Code for Humans to Review — and Companies Are Scrambling

The pitch for AI coding tools has always been about speed: write code faster, ship features faster, move faster. And it worked — developers using tools like GitHub Copilot, Cursor, and Claude Code report dramatic productivity gains. The problem is that speed has a cost, and that cost is now showing up in enterprise security audits and incident reports.

A New York Times investigation published this week put numbers to what many engineers already knew: AI is generating code faster than humans can review it, and the code it generates carries serious security risks.

The Numbers Are Alarming

The data paints a clear picture of a system under stress:

  • 25% of AI-generated code contains confirmed security vulnerabilities — one in four samples examined.
  • AI-generated code is 1.88x more likely to introduce vulnerabilities than equivalent human-written code.
  • Only 24% of organizations evaluate AI-generated code comprehensively before it ships.
  • Fewer than half of developers review AI-generated code before committing it to their codebase.
  • AI-generated code now accounts for 1 in 5 enterprise security breaches.

The term "vibe coding" — writing software by describing what you want in plain English and letting an AI fill in the implementation — has normalized a workflow where developers may not fully understand the code they're shipping. That's fine for a personal project. It's not fine when that code handles user authentication, payment processing, or medical records.

Why It's Getting Worse, Not Better

The volume problem is structural. As AI coding tools improve and become more deeply integrated into developer workflows, the ratio of AI-written code to human-reviewed code keeps growing. The bottleneck isn't the AI's output rate; it's the human's review rate, which hasn't changed.

Companies that adopted AI coding tools for their speed benefits didn't simultaneously scale their code review capacity. Many didn't have the security expertise to know they needed to. The result is a massive backlog of unreviewed, potentially vulnerable code running in production systems right now.

The Industry's Response

The market is beginning to respond. Anthropic launched a dedicated Code Review tool in March 2026, designed to catch bugs and vulnerabilities in AI-generated code before they make it into production. The tool runs inside Claude Code and flags specific categories of issues that AI coders frequently introduce.

Qodo, a startup building AI agents for code review, testing, and governance, raised a $70 million Series B round in March — a direct bet that the code verification market is about to explode. Other security vendors are positioning similar tools.

What This Actually Means

The AI coding revolution is real — the productivity gains are genuine and the tools will keep improving. But the assumption baked into many enterprise AI adoption plans — that AI-written code is "good enough" because the AI seems confident — is turning out to be dangerously wrong.

Code review exists for a reason. The discipline of having a human read and reason about code before it ships catches not just bugs but architectural mistakes, logic errors, and security flaws that automated tests don't always surface. Removing that step, or treating it as optional, is creating a new category of technical and security debt that companies are only now beginning to understand.

The speed gains are real. The bill is also real. It's coming due.