Why Most Engineering Teams Struggle With AI Coding Tools in Production

Adoption metrics for AI coding assistants in engineering teams look strong. Usage has grown consistently since 2023. Most teams with access to GitHub Copilot or similar tools report using them regularly. And yet, the gap between "we use AI tools" and "AI tools are clearly making us ship better code faster" is large and persistent at most organizations.

The struggle isn't with the tools themselves. It's with three structural gaps that emerge when AI coding assistants meet production reality.

Gap One: Review Processes Designed for Human Code

The standard code review process was designed around the failure modes of human-written code. Reviewers look for logic errors tied to misunderstood requirements, missed edge cases in complex business logic, naming inconsistencies, and performance problems from suboptimal queries or data structures.

AI-generated code has a different failure profile. Syntax errors are rare. Logic is often correct at the function level. The problems tend to be: library method hallucination (calling methods that don't exist in the installed version of a library), context blindness (functions that work correctly in isolation but behave incorrectly when combined with system state), and test code that passes without testing meaningful behavior.

Teams that apply the same review process to AI-generated code as to human code are miscalibrated in both directions. They spend reviewer time on things the tools handle well - syntax, obvious logic, naming - and under-invest in the things the tools fail at systematically. The result is that problems specific to AI generation pass review, while reviewers exhaust capacity on checks that don't produce proportional value.

The fix requires explicitly restructuring the review process for AI-generated code: different checklist items, different risk thresholds, different expectations for what a complete review means.

Gap Two: No Accountability for Understanding the Code

There's a pattern that emerges in teams that adopt AI coding tools quickly: engineers commit code they don't fully understand. The model generates something that looks correct, the engineer can't immediately see what's wrong with it, and it gets merged because the review process doesn't distinguish between the engineer's work and the tool's work.

This is meaningfully different from committing code you wrote yourself that has a bug in it. When you write buggy code, you understand what you intended - even if you got the implementation wrong. When you commit AI-generated code you don't understand, you have no intuition about why it might fail, where the edge cases are, or what the integration assumptions are.

The downstream cost shows up in production debugging. A bug in code you understand is a discrepancy between intention and execution - you can reason about it from the intention end. A bug in AI-generated code you don't understand requires fully reverse-engineering the code before you can reason about the bug. In production incidents, that difference costs significant time.

The fix is a team norm that's stated explicitly and enforced in practice: engineers are responsible for understanding the code they merge, regardless of its origin. Practically, this means requiring PR descriptions that explain the change in the author's own words, and making that a real checkpoint in the review process, not a formality.

"Accountability is the hardest part. The tools make it easy to ship code faster. They don't automatically make engineers responsible for what that code does. That part requires a deliberate team decision." - Dennis Traina, founder of 137Foundry

Gap Three: Tooling That Wasn't Updated for AI-Generated Code

Most engineering teams have a test suite, a linter, and possibly a static analysis step in CI. These were configured for human-written code and are under-tuned for AI-generated code's specific failure modes.

The most common gap is line coverage requirements instead of branch coverage requirements. AI-generated test suites tend to achieve high line coverage - they test every line - while having low branch coverage, because they don't test every conditional path. A codebase with 90% line coverage can have massive behavioral gaps that won't surface until specific input combinations occur in production. Switching to branch coverage requirements is a configuration change that takes an hour and catches a meaningfully different category of test gap.

The second common gap is no library version verification. AI coding tools generate code based on training data that includes multiple library versions. The result is method calls that are plausible but incorrect - either calling a method from a different version than what's installed, or calling something that was described in documentation but doesn't exist under that name in the stable release. Standard linting doesn't catch this because the method name is syntactically valid. It only fails at runtime, in a scenario where that code path gets executed.

The third gap is no complexity tracking. AI models produce higher-cognitive-complexity code because they optimize for completeness rather than simplicity given a prompt. Without explicit tracking, codebases that adopt AI tools at scale often accumulate complexity faster than the team can address it. Tools like SonarQube (free community edition) or per-language complexity analyzers track this before it becomes a significant maintenance burden.

What Teams That Navigate This Well Do Differently

Teams that use AI coding tools effectively in production share a few characteristics that distinguish them from teams that struggle.

They're explicit about what AI assistance means in their workflow. They have a clear definition of when code is "AI-assisted," a PR convention to identify it, and a review process calibrated to it. They don't treat AI-assisted PRs and human-authored PRs identically, because the failure modes are different and the review process should reflect that.

They maintain author accountability. The engineer who merges a PR is responsible for it, regardless of whether an AI tool wrote the initial draft. This norm is stated explicitly, not assumed. The review process enforces it through mechanisms like requiring plain-language PR descriptions that the engineer writes, not generates.

They updated their tooling. Branch coverage requirements instead of line coverage. Dependency auditing in CI to catch package hallucination. Complexity tracking to monitor quality trends. The tooling investment is modest - most of what's needed is free or open-source - but it requires deliberately evaluating what the existing setup was designed to catch and what it misses for AI-generated code.

The Underlying Pattern

Teams that struggle with AI coding tools in production are typically trying to add AI generation speed to an existing process that wasn't designed to absorb it. The generation rate goes up. The review and verification infrastructure stays the same. Quality degrades because the bottleneck moved from code production to code verification, and the verification process wasn't recalibrated for the new input type.

Teams that don't struggle have made the same tools work by updating the review process, the team norms, and the quality infrastructure alongside the tool adoption. The adjustment is front-loaded - a few weeks of process redesign and tooling configuration - and the return is sustainable AI-assisted development rather than accumulated technical debt.

This development agency has worked through these structural adjustments with several engineering teams. The pattern is consistent: the tools are rarely the problem. The surrounding process almost always is.

For a detailed framework covering review process design, tooling configuration, and governance approaches for AI-assisted production development, see A Practical Framework for Using AI Coding Tools in Production Codebases.

137Foundry works with engineering teams on web development, AI automation, and technical strategy. If your team is navigating AI tool adoption and wants to build the right process foundation from the start, that's work we do regularly.

Comments

Post a Comment

Popular posts from this blog

Why ETL Pipeline Design Decisions Made Today Become Tomorrow's Technical Debt

Image
Data pipelines accumulate technical debt faster than almost any other category of software. The reason isn't complexity - most pipelines are structurally simple. It's that they're written to solve an immediate problem (move this data from here to there) without accounting for how requirements will change, how systems will evolve, and how the people who maintain the pipeline will need to understand and modify it months later. This piece is about the design decisions at the beginning of a pipeline project that determine whether it stays maintainable or becomes a liability. The "Quick Script" Problem Most pipeline technical debt starts with a script that wasn't supposed to last. A developer spends a day connecting two systems, it works, and it gets put in production. Six months later, the original developer is gone, the script has no documentation, it runs on a server that nobody is sure about, and changing anything requires reading the code and hoping you und...
Read more

How to Build Idempotent Webhook Event Processors

Image
Webhook delivery is at-least-once. If your endpoint returns a non-2xx response, the sender will retry. If there's a network timeout during delivery, the sender may retry even after a successful delivery that never reached you. This means your event processor must be idempotent: processing the same event twice must produce the same result as processing it once. Idempotency is not a nice-to-have. It's the fundamental contract that makes webhook integrations reliable. Without it, retry delivery creates duplicate records, double-charged accounts, and duplicate notifications. The Core Idempotency Pattern The standard pattern is event ID tracking. Every webhook sender includes a unique identifier in the payload. Before doing any processing work, check whether you've already processed this ID. If yes, return success and stop. If no, process the event and record the ID as handled. async def process_webhook_event(event_id: str, payload: dict) -> None: async with db.transa...
Read more

Why INP Replaced FID and What That Means for Your Site's Performance Score

Image
In March 2024, Google replaced First Input Delay (FID) with Interaction to Next Paint (INP) as the responsiveness metric in the Core Web Vitals set. This wasn't a minor update to thresholds or methodology. It was a fundamental change in what Google measures when it evaluates whether a page is responsive to users. If your site's responsiveness score looked fine under FID but has declined since the transition to INP, you're not alone. INP is a stricter metric that captures failures FID was structurally unable to detect. Understanding why the change happened and what INP actually measures is necessary context for fixing it. Why FID Was Limited FID measured the delay between a user's first interaction with a page (usually a click or tap) and the point at which the browser began processing the event. It captured only the delay before processing started, not the time required to complete the processing or render the visual response. This meant FID could look good even on ...
Read more