The Hidden Risk Behind AI-Powered Software Development

By Peter Hesse
Peter Hesse is a Partner at 10Pearls, helping organizations navigate AI transformation, digital modernization, and complex technology initiatives. His expertise in security, governance, and enterprise-scale operations informs his perspectives on turning emerging technologies into lasting business value.
Code generation is outpacing code review
There’s a figure buried within the same GitHub data showing that, while coding activity continues to increase, collaboration and review activity are not keeping pace. Comments on issues and PRs were essentially flat year over year, while comments on commits declined by 27%, suggesting that communication and review have not scaled with code activity.
The bottleneck is no longer generating code. It’s ensuring that code is properly reviewed, governed, and validated. AI-generated code can look clean and pass surface-level checks while still introducing problems that only become apparent downstream. It may function in isolation but fail to integrate properly into larger systems. It may introduce security gaps that aren’t apparent until a production incident. It can appear to work while quietly accumulating technical debt that can prove expensive to unwind.
Why more code doesn’t mean better software
Here is the uncomfortable truth that the AI productivity narrative tends to gloss over. When we measure developer productivity by volume — commits, pull requests, lines of code merged — we are measuring outputs, not outcomes. We’re counting activity, not quality.
The rigor applied to ensuring that code is architecturally sound, secure, and maintainable has not kept pace. Like cloud adoption before it, AI-assisted development risks prioritizing speed before governance, creating quality, security, and operational challenges that compound over time.
Why human oversight still matters
The decline in comments on commits is a proxy for something deeper: a cultural and structural gap in how engineering organizations have adapted their quality assurance practices to an AI-assisted reality. Effective code review has never been purely about catching syntax errors. At its core, it’s a collaborative act of judgment — one that requires a human engineer to answer questions that AI is not yet well-positioned to answer reliably. Will this architecture scale? Does it introduce security risk? Will it remain maintainable as the system evolves?
What we’re increasingly seeing instead is a new form of rubber-stamping. AI generates code quickly. Developers, freed from the friction of writing boilerplate, move on quickly. Code merges quickly. The review step — the one that historically served as the quality checkpoint — becomes a formality rather than a function.
How enterprises can reduce AI development risk
The path forward is not to slow down AI adoption in engineering. It’s for organizations to invest as much in governance, quality assurance, and oversight as they do in AI-powered development.
1. Redesign review processes
Traditional review practices were not built for AI-generated code. Review checklists, required annotations, and structured sign-off processes should reflect the new reality of what’s being reviewed.
2. Elevate architectural oversight
The greatest risk isn’t individual bugs—it’s the accumulation of architectural decisions across hundreds of AI-generated pull requests. Organizations need dedicated review mechanisms that operate above the level of individual commits.
3. Use AI to strengthen quality assurance
Static analysis tools, AI-powered security scanning, and automated architectural validation can help identify risk at the same speed code is being generated.
4. Maintain human accountability
AI can surface signals, but humans remain responsible for decisions and outcomes. The most successful organizations will continue to hold engineering teams accountable for both speed and quality.
How 10Pearls helps you scale AI responsibly
We work with enterprises across industries that are navigating this transition, and the pattern is consistent: the teams that are thriving aren't the ones using the most AI. They're the ones that have been most deliberate about governance, review processes, and quality controls to ensure AI is used effectively.
As an AI-native digital engineering partner, 10Pearls helps enterprises integrate AI across the software development lifecycle while maintaining the security, quality, and architectural rigor required for long-term success. Organizations have the technology to build faster than ever before. The question is whether they have the discipline to build better at the same time.