Code Overview Can not Scale to the AI Period.
Open two pull requests facet by facet. One was written by an individual who’s owned this module for 3 years. The opposite was written by an agent who has by no means seen this codebase earlier than at this time. Strip the creator subject and the timestamps. Look solely on the diff.
More and more, the excellence might matter lower than it used to, to the reviewer approving them as a lot as to anybody else.
That’s not a failure of the reviewer. It’s a failure of the unit of measurement. Code evaluate was constructed to guage diffs, on the belief {that a} diff carries sufficient sign to evaluate the work behind it. That assumption held for so long as the quantity of diffs stayed roughly proportional to the quantity of people that’d thought rigorously about each. It doesn’t maintain anymore, and the place that exhibits up first isn’t within the code. It’s in how assured reviewers really feel whereas studying it.
Let’s be exact about what sort of failure that is. Code evaluate was constructed to catch correctness, readability, maintainability, and the plain bugs {that a} second set of eyes spots quick. It was by no means designed to detect architectural duplication, system-wide coupling, cross-service redundancy, or technical debt accumulating quietly throughout many unbiased modifications. That mismatch predates AI; a sufficiently distracted or rushed human reviewer might miss these issues, too. What’s new is the quantity and confidence now flowing by means of precisely the facet of the ledger evaluate was by no means constructed to police. The argument that follows isn’t that code evaluate broke. It’s that code evaluate is being requested to measure one thing it was by no means designed to measure.
What Modified
Code evaluate was a dialog between two individuals who had every written code earlier than. A reviewer introduced pattern-matching constructed from years of being burned by their very own bugs. The tempo was gradual as a result of the availability of code was gradual: one engineer, one ticket, one diff, roughly bounded by how briskly an individual can kind and assume.
That sure is gone. GitHub’s personal 2025 Octoverse report exhibits builders merging 43.2 million pull requests on common every month, up 23 p.c 12 months over 12 months. The constraint was by no means actually “can a human evaluate this diff.” It was “Can the availability of diffs keep inside just a few multiples of what a crew of people can learn?” AI eliminated that ceiling on one facet of the equation and left it untouched on the opposite.
The Scale Is Already Concrete
This isn’t a forecast. CodeRabbit alone has reviewed over 13 million pull requests throughout greater than 2 million linked repositories. Opsera’s 2026 benchmark, drawn from greater than 250,000 builders throughout 60-plus enterprises, discovered AI-assisted groups minimize time-to-PR by as much as 58 p.c. Faros AI’s telemetry, drawn from 22,000 builders throughout greater than 4,000 groups, discovered AI-heavy durations correlate with 98 p.c extra pull requests and PRs which might be 154 p.c bigger than their pre-AI baseline (whoa!). Era has scaled far quicker than organizations’ capability to evaluate what it produces.
The Three Strain Factors
The bottleneck isn’t one downside; it’s three compounding ones.
Quantity outpaces consideration. Extra PRs, bigger PRs, similar variety of human reviewer-hours in a day. Opsera additionally discovered that regardless of PRs being created as much as 58 p.c quicker, AI-generated PRs wait 4.6 instances longer to even get picked up for evaluate. The queue isn’t slower as a result of reviewers received worse. It’s slower as a result of the enter price doubled, and the output price didn’t.
Problem density is increased in AI-authored PRs. CodeRabbit’s personal “State of AI vs Human Code Era’ report, an evaluation of 470 open-source pull requests, discovered AI-coauthored PRs carry roughly 1.7 instances extra points general than human-only PRS, 10.83 points per PR versus 6.45, and the breakdown is sharper than the headline quantity suggests: logic and correctness errors had been 75 p.c extra widespread, safety vulnerabilities as much as 2.74 instances increased, and error-handling gaps practically twice as frequent.
GitHub’s personal knowledge factors in the identical course: Damaged Entry Management overtook Injection as GitHub’s commonest CodeQL alert in 2025, flagged in additional than 151,000 repositories, up 172 p.c 12 months over 12 months, which GitHub engineers attribute largely to AI-generated scaffolds that skip important authentication checks. One vendor’s structured research plus a platform-wide sign in step with the identical course: extra code arriving, and a better fraction of it exhibiting hassle within the classes that matter most.
Belief calibration is inconsistent and principally casual. Builders don’t deal with AI evaluate feedback as authoritative. Analysis on agentic coding pull requests on GitHub, citing a 2024 research of how engineers responded to ChatGPT-generated evaluate suggestions, discovered options had been met with skepticism or disagreement near a 3rd of the time, and even then, principally by means of advert hoc judgment fairly than any team-wide commonplace for when to belief the machine and when to not.
None of those three is deadly by itself. Collectively, they describe a system absorbing extra load, with much less margin, and no shared protocol for the place to use scrutiny.
The Comfy Assumption
Right here’s the place the plain response lives, and it’s not a foul one: deploy AI to evaluate the AI. If brokers can generate code quicker than people can learn it, use brokers to learn it too. CodeRabbit, GitHub’s personal evaluate brokers, Greptile, Qodo, and Cursor’s BugBot. The market has answered this precise downside at scale, on the quantity already cited above, and a Graphite case research, co-published with Anthropic, reported a suggestions loop that used to take an hour now takes ninety seconds, with two-thirds of instructed modifications really applied.
Anthropic’s personal inner numbers inform an identical story: earlier than deploying its personal multi-agent evaluate system on inner pull requests, solely 16 p.c received substantive evaluate feedback; after, 54 p.c did, in opposition to a backdrop of roughly 200 p.c year-over-year development in code output per engineer.
Taken at face worth, that’s the bottleneck solved. Overview received quicker, protection went up, the instruments are all over the place, everybody’s blissful. That is the model of the story that’s getting instructed in most boardrooms proper now, and on the adoption numbers, it’s an affordable one to imagine.
The Inversion
A January 2026 research, “Extra Code, Much less Reuse,” regarded beneath that story and located one thing uncomfortable: agent-generated code introduces extra redundancy and extra amassed technical debt per change than human-written code. And reviewers, per the identical analysis, really feel higher about approving it.
Sit with that pairing for a second, as a result of it’s not two unrelated details. The paper argues these observations might stem from a typical mechanism: fashions skilled with reinforcement studying from human suggestions are optimized to maximise perceived helpfulness, not essentially code high quality or truthfulness. That’s the authors’ proposed clarification, not an experimentally confirmed trigger, nevertheless it’s a believable account for why the output that outcomes is constructed to look agreeable on inspection fairly than engineered to reduce structural threat.
The researchers go additional: reviewers of their dataset really expressed fewer unfavourable feelings towards agent-authored PRs than human-authored ones, regardless of the agent PRs carrying extra reuse and redundancy issues. That’s a reviewer’s blind spot working precisely the place you’d least anticipate it, decrease vigilance towards the code almost certainly to want scrutiny.
AI-generated code tends to be regionally clear: constant formatting, wise naming, no apparent scent on the diff stage. A human reviewer scanning for the sorts of issues they’re skilled to catch, sloppy logic, inconsistent model, apparent shortcuts, finds much less of it. The sign a reviewer has traditionally used as a proxy for “that is most likely positive” (it seems cautious) is firing optimistic on code that’s, structurally, accumulating debt, the diff view can’t present: duplicated logic throughout recordsdata, abstractions reinvented as a substitute of reused, dependencies pulled in redundantly. The code that’s hardest to guage on the PR stage is precisely the code that’s now triggering probably the most confidence.
That is the half that ought to reframe how the review-agent numbers above get learn. Quicker merge instances and fewer flagged defects are actual, measured outcomes. However “fewer flagged defects” describes what the evaluate course of catches, not what’s really within the codebase. If the failure mode is structural debt that doesn’t seem like a defect on the level of evaluate, a quicker, extra assured evaluate course of can clear extra of it by means of, not much less.
The telemetry backs this up on the org stage, not simply the PR stage. Faros AI’s two-year dataset, monitoring the identical 22,000 builders and 4,000+ groups throughout durations of high and low AI adoption, discovered pull requests merging with zero evaluate, human or agentic, up 31.3 p.c throughout high-adoption durations. That’s not a deliberate coverage resolution anyplace. It’s what occurs when reviewer capability stays flat whereas the quantity in entrance of it doesn’t, and confidence in what’s arriving quietly rises on the similar time capability is most strained.
The distinction with self-reported knowledge is notable, although the 2 aren’t measuring the identical organizations. DORA’s 2025 State of AI-Assisted Software program Improvement report, drawing on its long-running survey analysis, discovered that increased AI adoption is related to a rise in each software program supply throughput and software program supply instability on the similar time, describing AI’s major function as an amplifier fairly than a uniform enchancment. Faros’s telemetry exhibits evaluate habits altering materially in periods of excessive AI adoption.
Taken collectively, they counsel self-reported and noticed measures are converging on the identical underlying image, extra velocity paired with extra pressure, although the research aren’t measuring equivalent organizations.
The place the Worth Truly Went
The trustworthy reframe isn’t “AI code evaluate instruments don’t work” or “return to guide evaluate.” Each evaluate brokers and the underlying technology fashions are doing actual work; quicker merges and genuinely fewer surface-level defects are usually not illusions. What modified is what evaluate confidence is definitely proof of. It was an affordable proxy for code high quality, as a result of the issues a quick human scan might catch correlated pretty properly with the issues that precipitated issues later. That correlation is weakening.
That mismatch, between what evaluate catches and what really causes long-term injury, isn’t new, because the opening of this piece laid out. A category of defects that conventional evaluate is poorly suited to detect more and more stay one layer under, the place a diff-level scan, human or AI, naturally seems: in duplication throughout the codebase, in architectural selections made independently by brokers that don’t share context, in dependency graphs no reviewer is prone to examine in a single PR.
Name this review-confidence drift: the hole between how certain a evaluate course of feels and the way a lot threat it’s really screening for, widening because the factor being reviewed will get cleaner-looking on the floor and messier beneath. It’s a extra particular declare than “watch out with AI code,” and a extra helpful one, as a result of it factors at the place the subsequent layer of tooling really must stay: not quicker PR-level evaluate, however structural visibility that PR evaluate was by no means designed to offer.
What Isn’t Working But
To be totally trustworthy concerning the limits of this argument: a lot of the structural-debt proof is early. “Extra Code, Much less Reuse” is one research, not a consensus, and replication throughout extra codebases and longer time horizons would meaningfully change how a lot weight it deserves. The RLHF-driven clarification for the inversion is the authors’ proposed mechanism.
Extra of an interpretation fairly than a longtime reality. The defect-rate figures traced to CodeRabbit’s revealed report and the comfort-assumption numbers are traced to Anthropic’s personal weblog submit about its personal product, however each are distributors promoting AI evaluate with a direct stake within the outcome, so these numbers deserve the identical scrutiny as any benchmark revealed by an organization measuring its personal software.
The review-agent instruments criticized implicitly on this piece, CodeRabbit, Copilot Overview, and Claude Code Overview, are additionally probably the most believable path to ultimately closing the hole they’re presently obscuring; dismissing them wholesale can be its personal sort of overcorrection.
The trustworthy place is that the tooling is forward of the measurement, in each instructions. Anybody making assured claims about AI code evaluate proper now, this essay included, is working with much less certainty than the tone of the controversy suggests.
What to Do With This Now
- Cease treating “evaluate agent accepted it” as a top quality sign equal to a human sign-off. Use it as a triage filter, not a last gate, particularly on code that touches shared modules or will get reused throughout companies.
- Instrument for duplication and structural drift instantly, not simply defect counts. A evaluate course of measuring “bugs caught” is blind to the failure mode described right here by design.
- Set an specific coverage for zero-review merges, and audit in opposition to it quarterly. In case your org doesn’t know its present zero-review merge price, that’s the primary quantity to get, earlier than including one other evaluate software.
- Reserve human reviewer consideration for architectural and cross-cutting modifications, not line-level scanning. That’s the place the AI evaluate brokers are weakest and the place structural debt really accumulates.
- Deal with review-agent vendor metrics (merge time, defect-flag price) as advertising claims till validated in opposition to your individual manufacturing incident knowledge, not as proof that the bottleneck is solved.
Code evaluate was constructed for a world the place the availability of code was bounded by how briskly an individual might write it. That world is over, and the instruments constructed to maintain tempo with the brand new one are actual, working, and nonetheless measuring the flawed factor. The queue received quicker. Whether or not it received safer is a separate query, and proper now, no one’s confidence is sweet proof both approach.









