GitLab’s 2026 AI Accountability Report has discovered that organisations are adopting AI coding instruments sooner than they’re constructing the insurance policies and programs wanted to handle AI-generated code.
The report, carried out by The Harris Ballot, surveyed 1,528 builders and know-how patrons throughout six nations. It discovered that 80% of respondents stated their organisation adopted AI instruments sooner than it developed insurance policies to manipulate them, whereas 92% reported some type of governance problem with AI-generated code.
GitLab defines AI accountability as the flexibility to reply three questions on any line of AI-generated code: the place it got here from, what it was meant to do, and who’s answerable for it as soon as it reaches manufacturing. The report argues that many organisations can not but reply these questions reliably, at the same time as AI coding instruments turn into a part of software program growth workflows.
Sooner output is shifting the bottleneck
The report reveals that AI coding instruments are already being broadly used. GitLab discovered that 91% of organisations have two or extra AI coding instruments in lively use, whereas 54% have three or extra. Amongst respondents, 78% stated builders have been writing and committing code sooner since adopting AI instruments, and 73% stated total code high quality had improved.
These positive aspects usually are not translating evenly throughout the software program supply course of. In line with the report, 79% of respondents agreed that particular person developer productiveness had improved with AI, however the total software program supply course of had not accelerated on the similar tempo. GitLab described this because the “AI Paradox”.
The strain is transferring from writing code to checking it. GitLab discovered that 85% of respondents agreed AI had shifted the bottleneck to reviewing and validating code, whereas 84% stated the most important problem with AI-generated code was governing what occurs after it’s created.
That creates a sensible problem for software program groups. Sooner code technology can enhance output, nevertheless it additionally provides engineering, safety, and compliance groups extra code to grasp, overview, safe, and keep. The report discovered that 73% of respondents have been involved concerning the maintainability of AI-generated code of their organisation’s codebase, whereas 82% stated it risked creating a brand new type of technical debt their organisation was not ready to handle.
Traceability gaps restrict accountability
Traceability stays one of many clearest weaknesses recognized within the report. GitLab discovered that 43% of respondents couldn’t reliably distinguish AI-generated code from human-written code in their very own codebase.
Different obstacles have been tied to the way in which software program groups organise their instruments and workflows. Fragmented toolchains have been cited by 40% of respondents, whereas 39% pointed to programs that don’t monitor code origin. Solely 28% stated their software program growth lifecycle instruments have been absolutely built-in with shared information and workflows.
The report additionally discovered a niche between confidence and precise incident response. Whereas 87% of respondents have been assured their staff may decide inside 24 hours whether or not AI-generated code had contributed to a manufacturing incident, 34% of organisations that skilled an incident up to now 12 months couldn’t make that willpower.
That hole is essential as a result of accountability will depend on greater than understanding that AI instruments have been used. Organisations additionally must know which code was generated, the way it entered the codebase, what it was meant to do, and who stays answerable for it after deployment.
Governance spending is anticipated to rise
The report means that organisations are starting to deal with AI-generated code as a governance problem. GitLab discovered that 83% of organisations recognized AI-generated code accumulation as a danger to handle now, with 44% calling it a prime know-how danger.
Funding is more likely to observe. In line with the report, 91% of respondents are more likely to spend money on AI code governance instruments within the subsequent 12 months, whereas 98% have already allotted or anticipate to allocate funds. GitLab additionally discovered that 85% agreed the following part of AI in software program would focus much less on producing code and extra on governing it.
“AI coding instruments have delivered on their promise of velocity. However the occasions of the previous few months, together with provide chain assaults, reliability points, and regulators tightening expectations round AI traceability and provenance are making clear that velocity with out management is a legal responsibility, not a bonus,” stated Manav Khurana, Chief Product and Advertising and marketing Officer at GitLab. “The groups pondering forward are already asking the tougher query: can we really management all of the code we’re producing? The organisations that may ship trusted software program sooner are those constructing the foundations of accountability with context, traceability, and governance baked into the platform, not simply bolted on after the actual fact.”
For enterprises, the report factors to a management drawback that sits behind the productiveness positive aspects. AI coding instruments might assist builders produce code sooner, however the operational worth will depend on whether or not organisations can hint code origin, validate output, handle technical debt, and assign accountability as soon as generated code reaches manufacturing.