GitLab has launched its 2026 AI Accountability Report, primarily based on a survey of 1,528 builders and know-how consumers throughout six international locations.
The findings level to a widening hole between the fast uptake of AI coding instruments and the controls organisations use to trace, evaluation and govern the code they produce.
In line with the report, 91% of organisations now have no less than two AI coding instruments in energetic use, whereas 54% have three or extra. On the identical time, 78% of respondents stated builders are writing and committing code quicker since adopting AI instruments, and 60% stated returns from AI coding have exceeded expectations.
That velocity has not eliminated friction elsewhere within the software program course of. Whereas 79% of respondents stated AI has improved particular person developer productiveness, the general software program supply course of has not superior on the identical price.
Management gaps
A central theme within the analysis is the issue many organisations face in figuring out and managing AI-generated code as soon as it enters manufacturing. The report discovered that 84% of respondents agreed the most important problem with AI-generated code is governing what occurs to it after it’s created.
It additionally discovered that 82% imagine AI-generated code dangers creating a brand new type of technical debt that their organisation isn’t ready to handle. Individually, 73% stated they’re involved in regards to the maintainability of AI-generated code of their codebase.
Traceability stays a weak level. Solely 28% of respondents stated their software program improvement lifecycle instruments are absolutely built-in with shared information and workflows, suggesting many groups nonetheless depend on fragmented techniques to trace code origins and possession.
The highest structural limitations have been problem distinguishing AI-generated code from human-written code, cited by 43% of respondents, fragmented toolchains at 40%, and techniques that don’t observe code origin at 39%.
The survey additionally highlighted a niche between confidence and operational actuality throughout incidents. Whereas 87% of respondents stated they have been assured their staff might decide inside 24 hours whether or not AI-generated code had contributed to a manufacturing incident, 34% of organisations that skilled an incident previously 12 months stated they may not truly make that willpower.
Governance lag
Governance emerged as one other concern. The report discovered that 80% of respondents stated their organisation adopted AI instruments quicker than it developed insurance policies to control them, whereas 92% reported some type of governance problem linked to AI-generated code.
For a lot of organisations, that concern has moved from idea to danger administration. Some 83% of respondents recognized the buildup of AI-generated code as a danger that must be managed now, and 44% described it as a prime know-how danger.
That seems to be driving deliberate spending. The report discovered that 91% of respondents are more likely to spend money on AI code governance instruments over the subsequent 12 months, whereas 98% have already allotted or count on to allocate price range for that space.
The findings counsel the controversy round AI coding is shifting. Relatively than focusing solely on code technology velocity, organisations are more and more assessing whether or not they can confirm the place code got here from, what it was supposed to do and who’s liable for it after deployment.
One other consequence underlined that shift. The survey discovered that 85% of respondents agree AI has moved the primary bottleneck from writing code to reviewing and validating it, suggesting improvement groups could now be producing output quicker than their present assurance processes can deal with.
There have been additionally indicators that respondents count on the market to maneuver in that course. In line with the report, 85% agreed that the subsequent section of AI in software program will focus much less on producing code and extra on governing it.
The analysis was performed by The Harris Ballot and lined respondents in North America, Europe and Asia-Pacific. It surveyed each builders and know-how consumers, reflecting views from technical customers in addition to folks concerned in software program buying and oversight.
GitLab framed AI accountability round three sensible questions for any line of AI-generated code: the place it got here from, what it was meant to do and who’s liable for it as soon as it’s in manufacturing. The outcomes counsel many organisations nonetheless wrestle to reply these questions constantly throughout their software program environments.
Manav Khurana, Chief Product and Advertising and marketing Officer at GitLab, commented on the findings:
“AI coding instruments have delivered on their promise of velocity. However the occasions of the previous few months, together with provide chain assaults, reliability points, and regulators tightening expectations round AI traceability and provenance, are making clear that velocity with out management is a legal responsibility, not a bonus. The groups pondering forward are already asking the more durable query: can we truly management all of the code we’re producing? The organisations that may ship trusted software program quicker are those constructing the foundations of accountability with context, traceability, and governance baked into the platform, not simply bolted on after the very fact.”