惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
Scott Helme
Scott Helme
NISL@THU
NISL@THU
Cisco Talos Blog
Cisco Talos Blog
C
Cybersecurity and Infrastructure Security Agency CISA
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
J
Java Code Geeks
U
Unit 42
The GitHub Blog
The GitHub Blog
H
Help Net Security
T
Tenable Blog
aimingoo的专栏
aimingoo的专栏
Jina AI
Jina AI
Spread Privacy
Spread Privacy
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
T
Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Engineering at Meta
Engineering at Meta
A
About on SuperTechFans
I
InfoQ
Microsoft Azure Blog
Microsoft Azure Blog
B
Blog
L
LINUX DO - 最新话题
K
Kaspersky official blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Check Point Blog
T
The Blog of Author Tim Ferriss
有赞技术团队
有赞技术团队
宝玉的分享
宝玉的分享
Help Net Security
Help Net Security
Google DeepMind News
Google DeepMind News
A
Arctic Wolf
Y
Y Combinator Blog
N
News | PayPal Newsroom
M
MIT News - Artificial intelligence
Latest news
Latest news
H
Hacker News: Front Page
Blog — PlanetScale
Blog — PlanetScale
腾讯CDC
I
Intezer
爱范儿
爱范儿
F
Fortinet All Blogs
P
Palo Alto Networks Blog
C
CERT Recently Published Vulnerability Notes

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI Is Breaking Code Review: How Engineering Teams Survive the PR Bottleneck
Codacy · 2026-06-16 · via Hacker News - Newest: "AI"

AI coding tools have made it easier to produce code, but they have not made it easier to ship it safely.

Pull request queues are growing faster than review capacity. CircleCI's 2026 data shows feature branch throughput up 59% year over year, while main branch throughput for the median team actually fell. The bottleneck has moved from writing code to deciding whether code is safe to merge. This article covers why AI-generated code creates review pressure, what automated tools can handle, and how engineering teams can keep PRs moving without lowering their standards.

In this article:

  • Why AI-generated code creates a review bottleneck
  • What makes reviewing AI-generated code different
  • How to review AI-generated code without slowing down pull requests
  • What automated tools can own in the review process
  • What human reviewers still need to evaluate
  • Why generic AI reviewers miss critical issues
  • How compliance requirements shape the review model
  • The ceiling on optimized PR review

Why AI-generated code creates a review bottleneck

To review AI-generated code without slowing down pull requests, you have to move baseline checks away from human eyes and focus human review on intent and architectural fit. The engineer who prompted the AI still owns the output. But the review process itself can shift: automated checks handle formatting, security patterns, and known vulnerabilities, while humans concentrate on whether the change actually solves the right problem.

Here is the main tension: AI-assisted development has changed the ratio between code production and review capacity. Engineers can generate more code in less time, yet the team's ability to validate that code has not scaled at the same rate.

CircleCI's 2026 State of Software Delivery report analyzed more than 28 million CI workflow runs across over 22,000 organizations. As mentioned earlier, overall throughput grew 59% year over year. At the same time, throughput on feature branches increased 15% for the median team while main-branch throughput fell nearly 7%, and main-branch success rates dropped to 70.8%.

More code is entering the pipeline, but less of it is reaching production successfully. The bottleneck has moved from writing code to deciding whether code is safe to merge.

What makes reviewing AI-generated code different

Code review has always carried hidden operational costs. Context switching between building and reviewing slows both activities. Feedback loops can become contentious. And when PR queues grow, teams often reduce rigor to keep work moving — Faros AI data shows 31% more PRs merging with no review — leading to superficial approvals and skipped edge-case analysis.

AI-generated code amplifies review pressure in specific ways.

First, there is the volume problem. AI-assisted workflows produce more branches, more commits, and more PRs. A single engineer working with a coding assistant can open several PRs in the time it previously took to complete one.

Second, there is the context problem. When an AI agent generates code, the reviewer often receives a completed diff without the same implementation journey or decision trail. The reviewer has to reconstruct intent from the ticket, PR description, and code changes alone. LinearB's 2026 Software Engineering Benchmarks Report found that agentic AI PRs have a pickup time 5.3x longer than unassisted PRs. AI-assisted PRs wait 2.47x longer. Longer pickup times suggest reviewers are spending more time evaluating AI-generated changes, contributing to deeper review queues.

Third, there is the trust problem. AI-generated code often appears plausible enough to pass a casual read, which makes review harder rather than easier. Stack Overflow's 2025 survey shows trust in AI accuracy has fallen to 29%. Reviewers have to look for subtle mismatches between intent, architecture, and runtime behavior.

Keep pull request queues from becoming your next bottleneck

Codacy automates code quality, security, coverage, and policy checks before human review, helping reviewers focus on architecture, correctness, and maintainability.

Reduce review noise →

How to review AI-generated code without slowing down pull requests

The teams that scale AI successfully invest in validation systems that absorb increased volume without requiring proportionally more human attention.

In CircleCI's data, a minority of teams saw main-branch throughput grow 26% while feature-branch activity surged 85%. The difference was stronger automated checks and better signal-to-noise in review comments, as well as clearer merge policies.

The practical approach has three layers:

  • Automate baseline checks before human review. Formatting, linting, SAST findings, SCA and dependency risk, secrets detection, test coverage changes, and complexity thresholds can all run before a human opens the diff. If any of those checks fail, the PR does not reach the review queue.
  • Use AI-assisted review to reduce reviewer startup cost. A useful AI reviewer summarizes what changed, highlights risks, and groups findings by severity. The human reviewer does not start from a blank diff. They start with a structured overview of where to focus attention.
  • Reserve human review for judgment calls. Architectural alignment, business logic correctness, long-term maintainability, and cross-team impact require context that automated tools cannot fully capture. Human reviewers concentrate on judgment rather than scanning for issues that tools can detect consistently.

This layered model keeps PRs moving without lowering standards.

What automated tools can own in the review process

Automated tools and AI-assisted reviewers can own first-pass detection, summarization, and enforcement for repeatable issues. Deterministic checks, meaning checks that produce the same result every time given the same input, work well for the following categories:

  • Static analysis findings: Linting, type checks, and code style violations.
  • Security patterns: Known vulnerability patterns, insecure dependencies, and secrets exposure.
  • Test and coverage changes: Whether tests pass, whether coverage thresholds are met.
  • Complexity and duplication: Flagging files that exceed maintainability thresholds.
  • Policy violations: Project-specific rules that can be expressed as pass/fail conditions.

When automated checks run before or immediately when the PR opens, issues surface early. Reviewers do not spend time finding problems that tools can detect. And when findings are grouped and summarized, reviewers can decide where to spend attention rather than scanning every line.

Platforms like Codacy can run automated checks when a repository is connected, providing findings on complexity, duplication, test coverage, security issues, and PR completeness before a human reviewer opens the diff.

What human reviewers still need to evaluate

Human reviewers bring context that automated tools cannot replicate. Even with strong automated checks, certain questions require judgment:

  • Does this change align with the system's architecture? AI-generated code often satisfies a narrow prompt while violating broader architectural expectations.
  • Is the business logic correct? Tools can verify that code runs, but not that it solves the right problem.
  • Will this be maintainable? Code that works today can create maintenance burden tomorrow if it bypasses existing abstractions or duplicates logic.
  • What is the cross-team impact? Changes that touch shared components or APIs may affect other teams in ways that are not visible in the diff.
  • Is this the simplest solution? AI often writes inline code when it lacks sufficient awareness of existing internal APIs or utilities.

Accountability stays with the human. But the human review becomes more about judgment and less about mechanical inspection when baseline checks are already handled.

The PR review bottleneck Diagram

Why generic AI reviewers miss critical issues

Generic AI reviewers behave like a new engineer with no repository memory. They may spot obvious issues, but they often miss the problems that actually matter in mature codebases.

Consider a few examples:

  • A PR modifies v1 middleware when v2 is the canonical path.
  • A component duplicates dropdown behavior that already exists in the design system.
  • A controller calls repositories directly even though the architecture requires service-layer access.
  • A suggested refactor violates the scope constraints in the project's contribution instructions.

Each of those issues requires repository-level context: knowledge of conventions, architecture decisions, and project-specific rules. Without this context, an AI reviewer produces either shallow feedback or noisy false positives.

Teams evaluating AI review tools often report a mix of useful findings and low-signal feedback that still requires human filtering. Stale training data can produce false claims about dependency versions. Pattern-based security checks can flag safe code as vulnerable. Repository-level instructions can be ignored entirely.

At the same time, AI reviewers do catch real bugs: package deduplication issues, URL-encoding problems, pattern matching errors, and missing workflow triggers. The value is real, but it depends on integration with deterministic analysis and repository-aware context.

How compliance requirements shape the review model

Many organizations require at least one non-author human approval on every PR. That requirement does not mean the entire review has to be manual.

Automated checks can reduce the scope of what the human approver inspects. Tools can provide evidence of which checks ran, which findings were introduced, and what policies were enforced. The human approval becomes more meaningful when it is supported by consistent automated evidence.

For compliance frameworks like SOC 2, ISO 27001, ISO 42001, or HIPAA, the question is whether controls are consistent and auditable. Deterministic enforcement, where the same input always produces the same decision under the same policy conditions, supports this requirement. Probabilistic AI review can surface issues, but it cannot serve as the sole enforcement layer for production-bound changes.

Codacy provides exportable compliance reports that document which checks ran and what findings were detected, reducing audit preparation from weeks of scrambling to a dashboard export.

The ceiling on optimized PR review

The layered model described here, automated baseline checks, AI-assisted triage, and focused human review, is the practical bridge state for teams under pressure now. It keeps PRs moving without lowering standards. However, this model has a ceiling.

Human review capacity does not scale linearly. Agentic systems can produce many parallel changes. Reviewers cannot reconstruct full context for every AI-generated diff.

Some teams are already beginning to separate validation from approval and approval from deployment risk. Some are experimenting with merge-first, review-later workflows for changes protected by strong tests and rollback mechanisms. Others are reserving human review for exceptions, high-risk areas, and architectural changes.

The PR process was built around a stable assumption: humans write code, humans review code, and the volume of change remains within the review capacity of the team. That assumption is starting to fail.

For now, stronger automated guardrails and better triage can stop the bleeding. But as AI generates more of the code, the industry will likely move toward more radical review models. The question is no longer whether engineers can produce code faster. It is whether teams can validate and promote that code without slowing down or lowering their standards.

See where AI-generated changes are breaking your quality gates

AI-generated and human-written code can behave unpredictably at scale. Codacy helps reveal where enforcement breaks across your engineering system.

Scan your repository for free →