AI in Code: Speed Outpaces Governance
GitLab study reveals that adoption of AI tools for code generation is advancing faster than controls, creating maintainability and security risks.
July 1, 2026
TL;DR: AI accelerates code writing, but review and governance become bottlenecks. 73% of developers fear future maintainability. Governance will be key.
Generative artificial intelligence has transformed the way developers write code, but a new study from GitLab reveals a paradox: although individual productivity increases, software delivery speed does not improve at the same rate. The '2025 GitLab Global DevSecOps Report' surveyed over 1,500 developers and shows that 91% of organizations already use at least two AI tools for coding. However, 79% say software delivery has not accelerated in proportion to developer productivity. This phenomenon, dubbed the 'AI paradox,' is not unique to GitLab: a 2024 GitHub study already noted that developers accepted AI-generated code without proper review, increasing bugs. The difference now is scale: with multiple AI tools coexisting, fragmentation and lack of standards worsen the problem.
What happened?
The GitLab study, published in April 2025, points to an 'AI paradox': the time saved in writing code is now consumed by reviewing, validating, and governing AI-generated code. 85% of respondents say the main bottleneck is no longer code creation but its review and validation. Additionally, 43% of developers struggle to distinguish AI-generated code from human-written code, making it difficult to maintain security and quality long-term. Three out of four (73%) are concerned about the future maintainability of AI-generated code, and one-third (34%) cannot determine whether an incident was caused by AI code. This downstream shift of problems echoes the technical debt crisis of the early 2000s, when rapid adoption of frameworks led to hard-to-maintain systems. However, AI adds a layer of opacity: generative models are black boxes, and the code produced may contain non-obvious vulnerabilities. According to a 2024 Snyk report, AI-generated code is 20% more likely to contain critical security flaws than human code, reinforcing the need for review.
Why is this important?
This phenomenon has deep implications for the software industry. Speed without control becomes a liability, as Manav Khurana, Chief Product and Marketing Officer at GitLab, notes: 'Events in recent months, including supply chain attacks, reliability issues, and stricter regulations on AI traceability and provenance, are making it clear that speed without control is a liability, not an advantage.' Companies are adopting AI tools for coding faster than they implement governance policies: 92% experience some kind of governance challenge with 'vibe coding,' and 80% admit that adoption outpaced governance. This imbalance is similar to what happened with cloud computing in the early 2010s, when companies migrated rapidly without establishing security policies, leading to massive breaches. The difference now is that AI not only accelerates production but also introduces unique risks, such as generating biased code or relying on models that can change without notice.
Consequences for companies and developers
Lack of governance can lead to technical debt, security vulnerabilities, and regulatory compliance issues. As regulators tighten traceability requirements—such as the EU AI Act, which demands documentation of AI-generated code origin—companies that cannot demonstrate the origin and quality of their code face legal and reputational risks. On the other hand, developers are losing trust: according to the 2025 Stack Overflow survey, 46% distrust AI to some extent, compared to 33% who trust it. This could slow future adoption if these issues are not addressed. Additionally, 34% of developers cannot attribute incidents to AI code, complicating debugging and accountability. In market terms, companies that resolve this paradox will gain a competitive edge. A 2024 McKinsey report estimates that generative AI could add between $2.6 and $4.4 trillion to the global economy, but only if risks are managed. Startups offering AI governance tools, such as algoGuard or Credo AI, are already attracting significant investments, indicating that the market is responding.
What should readers know?
AI governance in software development is becoming a priority. 91% of organizations plan to invest in governance next year, and 98% will allocate a specific budget for it. Traceability, accountability, and trust will be key competitive differentiators. Developers and technical leaders must implement clear policies, automated review tools, and quality metrics for AI-generated code. It is not about slowing innovation but ensuring that speed does not compromise software integrity. Tools like GitLab Duo already offer AI-assisted review features, but the report suggests they are not enough: deeper integration of governance into the workflow is needed. Additionally, teams must be trained to identify AI-generated code and establish rigorous validation processes. Continuous education and collaboration among developers, security, and compliance will be essential.
“Organizations that will ship reliable software faster are those that build foundations of accountability with context, traceability, and governance integrated into the platform, not added later,” says Manav Khurana.
In summary, AI in code is here to stay, but its adoption must be accompanied by robust controls. The balance between speed and control will define the winners in the next era of software development. The AI paradox is not a dead end but a wake-up call for the industry to mature and build systems that are both fast and reliable.