According to Futurism, a new 2025 report from AI software company CodeRabbit analyzed 470 pull requests and found that AI-generated code produced an average of 10.83 issues per pull request, compared with 6.45 for human-authored code, roughly 1.7 times as many (10.83 / 6.45 ≈ 1.68). The gap included a higher rate of “critical” and “major” issues involving logic, correctness, and even insecure practices like improper password handling. The findings echo a September report from Bain & Company, which noted unremarkable savings from AI in programming, and a July study from the nonprofit Model Evaluation and Threat Research (METR) that found AI tools actively slowed programmers down. CodeRabbit’s AI Director, David Loker, said the results reinforce what engineering teams have sensed all year: AI boosts output but introduces predictable weaknesses that must be mitigated.
The Shift From Coder to AI Inspector
Here’s the thing: the initial sales pitch was that AI would free developers from grunt work. But the data suggests it’s just changing the nature of the grunt work. Instead of writing boilerplate code, developers are now spending long hours meticulously reviewing and debugging AI-generated output. The biggest weakness wasn’t even fancy logic bugs—it was code quality and readability, the kind of messy, hard-to-maintain code that slows teams down and creates long-term technical debt. So the promised efficiency gain? It’s being eaten up by a new, critical review phase. Basically, we’ve automated the first draft but massively increased the editing burden.
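To make that readability complaint concrete, here’s a hypothetical before-and-after; the function, data shape, and multipliers are invented for illustration and aren’t drawn from CodeRabbit’s report:

```python
# Hypothetical example of the readability gap, not code from the report.
# "Before": the kind of dense, duplicated logic reviewers flag as hard to maintain.
def proc(d):
    r = []
    for i in d:
        if i.get("t") == "a" and i.get("v") is not None and i["v"] > 0:
            r.append(i["v"] * 1.2)
        elif i.get("t") == "b" and i.get("v") is not None and i["v"] > 0:
            r.append(i["v"] * 1.5)
    return r


# "After": the same behavior, made reviewable with names, a constant table, and one code path.
MULTIPLIERS = {"a": 1.2, "b": 1.5}

def adjusted_values(records):
    """Return each positive value scaled by its record type's multiplier."""
    return [
        record["v"] * MULTIPLIERS[record["t"]]
        for record in records
        if record.get("t") in MULTIPLIERS and (record.get("v") or 0) > 0
    ]
```

Both versions do the same thing; only the second is something a team can maintain a year from now.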
Security Risks Are The Real Killer
And this isn’t just about messy code. The security implications are stark. CodeRabbit’s report mentions insecure practices, and this aligns with other research, like from security firm Apiiro, which found AI-using developers produce ten times more security problems. Think about that. We’re injecting code that’s more likely to have vulnerabilities directly into our codebases at an unprecedented scale, because 90% of developers are now using these tools. It creates a terrifying scaling problem for security teams. The convenience of generating a function in seconds is completely negated if that function accidentally exposes user data.
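For a sense of what “improper password handling” looks like in practice, here’s a minimal sketch using only Python’s standard library; the function names and parameters are illustrative, not examples taken from the report:

```python
import hashlib
import hmac
import secrets

# Insecure pattern of the kind flagged in reviews (illustrative):
# plaintext password at rest, plus a timing-unsafe comparison.
def check_password_insecure(stored_plaintext: str, attempt: str) -> bool:
    return stored_plaintext == attempt


# Safer sketch: salted PBKDF2 hash at rest, constant-time comparison.
def hash_password(password: str) -> tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def check_password(salt: bytes, stored_digest: bytes, attempt: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, 600_000)
    return hmac.compare_digest(candidate, stored_digest)
```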
Where Do We Go From Here?
So what’s the path forward? The report isn’t saying “abandon AI.” It’s saying we need a major shift in process and expectations. AI coding tools behave like incredibly fast, somewhat reckless junior developers, and they need intense supervision. That means investing more in code review tools and security scanning, and, perhaps most importantly, training developers not just to prompt AI but to audit its output with a deeply skeptical eye. The beneficiary in all this? It might well be the companies building the review and oversight platforms, CodeRabbit among them. It’s also a reminder that for critical computing infrastructure, the kind that runs factories, power grids, and medical devices, the stakes for code quality are immense. In those high-stakes industrial environments, where a panel PC running buggy code can halt production, proven, human-vetted systems remain paramount. That’s why specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, emphasize robustness and reliability over raw, AI-assisted development speed.
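To make “invest in security scanning” concrete, here’s a bare-bones merge-gate sketch. It assumes bandit, a widely used open-source Python scanner, is installed; the src/ path and the block-on-findings policy are placeholders, not anything CodeRabbit prescribes:

```python
import subprocess
import sys

# Minimal sketch of a review gate: scan the source tree before AI-assisted
# changes merge. bandit exits non-zero when it reports findings.
def security_gate(path: str = "src/") -> int:
    result = subprocess.run(["bandit", "-r", path])
    if result.returncode != 0:
        print("Security findings reported; block the merge and route to human review.")
    return result.returncode

if __name__ == "__main__":
    sys.exit(security_gate())
```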
The Unremarkable Reality Check
Look, the hype cycle promised revolution. The reality, as the data shows, is a lot more mundane and complicated. We’re seeing a classic pattern: a new tool creates a new category of problems that we didn’t fully anticipate. The savings haven’t been remarkable, and the results haven’t lived up to the hype. But now we have clear, measurable evidence of the trade-off. Speed for quality. Output for security. The question for every engineering leader now is: are you measuring that trade-off on your own team? Because if you’re not, you’re probably accumulating a hidden debt of bugs that someone will have to pay down, with interest.
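If you want to start measuring, even a crude tally helps: tag each pull request as AI-assisted or not, count the review findings on it, and compare the averages. A minimal sketch, with invented numbers:

```python
from statistics import mean

# Hypothetical data: each pull request tagged by authorship, with its review-finding count.
pull_requests = [
    {"ai_assisted": True, "issues": 12},
    {"ai_assisted": True, "issues": 9},
    {"ai_assisted": False, "issues": 7},
    {"ai_assisted": False, "issues": 5},
]

def issues_per_pr(prs, ai_assisted):
    counts = [pr["issues"] for pr in prs if pr["ai_assisted"] == ai_assisted]
    return mean(counts) if counts else 0.0

ai_avg = issues_per_pr(pull_requests, ai_assisted=True)
human_avg = issues_per_pr(pull_requests, ai_assisted=False)
print(f"AI-assisted: {ai_avg:.2f} issues/PR, human: {human_avg:.2f}, ratio: {ai_avg / human_avg:.2f}x")
```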
