AI Coding Tools Boost Output While Increasing Review, Security, and Burnout Risks
Enterprises are accelerating adoption of AI coding assistants and agents, with vendors and engineering leaders reorganizing around tools such as GitHub Copilot, Codex, Claude Code, and formal-verification agents to increase software output and support smaller teams. OpenAI has reportedly shifted strategy toward coding and enterprise customers, while companies such as Cursor are deploying always-on security agents that scan pull requests, patch dependencies, and block risky changes before release. Research and industry reporting also show AI is changing how developers work: Copilot users spend more time coding and less time on collaboration and project-management tasks, and engineering teams increasingly treat AI as a force multiplier rather than a replacement for human developers.
At the same time, multiple studies and incident reports say the gains are being offset by a growing review and supervision tax. Reports from Harness, DORA, Sonar, and other researchers found that heavier AI use often correlates with more code review effort, higher defect and deployment risk, longer remediation and recovery times, and rising burnout among senior engineers who must validate AI-generated changes. Security researchers at RSAC 2026 said AI assistants reproduce common flaws such as SSRF, XSS, path traversal, command injection, and open redirects at scale, while reporting tied AI-assisted changes to outages and operational failures, including an AWS disruption. Across the coverage, experts urged organizations to keep humans in the loop, apply stricter governance and testing for AI-generated code, and measure validation workload, defect escape, and technical debt rather than code volume alone.

How this story unfolded
14 events from the most recent confirmed update back to the earliest known activity.
Harness reports AI adoption creates more 'invisible work' for developers
Harness' 2026 State of Engineering Excellence research found that widespread AI adoption in software development is increasing time spent on code reviews, bug fixing, and validating AI-generated output. The company said much of this remediation burden is untracked 'invisible work' and called for new metrics covering validation effort, AI acceptance rates, and tool costs.
InfoWorld panel says AI shifts engineering bottleneck to review and deployment
An InfoWorld panel on agentic AI said engineering teams can deliver larger scopes of work with smaller staffs, but the main bottleneck has shifted from writing code to safely reviewing and operationalizing AI-generated output. Panelists said organizations are producing more pull requests through AI assistance while review capacity and deployment risk management lag behind.
TechTrenches says AI-generated code quality worsens over time
A TechTrenches article argued that code-generation systems amplify software quality problems because they are trained on buggy, vulnerable, and increasingly AI-generated code. It said AI-assisted development may boost short-term velocity while increasing complexity, duplication, defects, and security issues over time.
Mistral launches Leanstral formal-verification code agent
Mistral AI launched Leanstral in March as an open-source code agent that uses Lean 4 and formal verification to generate machine-checkable proofs that code matches a specification. The launch was positioned as a way to reduce human review bottlenecks, though experts cited in later coverage said human oversight is still needed for requirements, edge cases, and production risk.
Salesforce CEO says AI still cannot replace software engineers
Salesforce CEO Marc Benioff said AI is improving engineering productivity but remains far from replacing human developers because current models cannot operate autonomously at the required level. The report pointed to continued hiring by major AI firms and ongoing security and remediation burdens from AI-generated code as evidence humans remain essential.
TechTrenches argues AI productivity gains impose a human supervision tax
A TechTrenches article argued that generative AI increased workload for software engineers by accelerating output while leaving humans to validate it at biological limits. It said senior engineers face larger review queues, heavier cognitive demands, and greater burnout risk as they remain accountable for AI-assisted code.
The New Stack says AI-generated code shifts bottlenecks into review
An April analysis argued that AI coding tools have not removed software delivery bottlenecks but instead moved them into code review queues, especially for senior engineers. It cited 2025 DORA data saying increased AI tool usage had not improved lead time, deployment frequency, change failure rate, or MTTR.
OX Security discloses flaws in AI-generated open-source apps at RSAC 2026
At RSAC 2026, OX Security researchers said AI coding assistants reproduce insecure coding patterns at roughly the same proportional rate as humans and disclosed an unauthenticated RCE in DeepSeek OCR App plus three flaws in SaaS-Starter. They said the main danger is that AI enables insecure code to be produced and deployed much faster and at greater scale.
CIO highlights AWS disruptions as warning on AI-built enterprise apps
A follow-up CIO article argued that rapidly building enterprise tools with AI-assisted 'vibe coding' without governance is risky because organizations can create software faster than they can understand, integrate, and maintain it. It cited recent AWS disruptions related to AI-generated code as an example of those risks.
CIO warns unmanaged enterprise 'vibe coding' raises operational risk
A CIO article warned that AI-assisted software development should be tightly controlled with strict access controls, peer review, strong testing, and separation from sensitive systems. It said unmanaged use by non-IT employees building ad hoc enterprise apps could create disorder and serious technical debt.
Harness report links frequent AI coding use to more deployment issues
Harness' 2026 State of DevOps Modernization report found that frequent users of AI coding tools shipped code faster but also reported more deployment problems, longer recovery times, and greater burnout risk. The report argued that AI accelerates coding faster than QA, security testing, validation, and incident response can scale.
Harvard paper finds Copilot shifts developers away from collaboration
A Harvard Business School working paper surveying 187,000 open-source developers found that free access to GitHub Copilot changed how developers allocated time. The study said developers spent more time coding and less time on project management and peer collaboration, suggesting AI is reshaping software engineering work patterns.
OpenAI refocuses on coding tools and enterprise customers
OpenAI reportedly narrowed its strategy toward coding products and enterprise adoption after internal leaders viewed Anthropic's gains as a wake-up call. The report said the company had recently released a refreshed Codex app and GPT 5.4 while pushing more resources toward business productivity use cases.
Cursor open-sources AI security agent templates
Cursor released templates and Terraform for four always-on AI security agents built on its Cursor Automations platform: Agentic Security Review, Vuln Hunter, Anybump, and Invariant Sentinel. The company said the agents had already run on thousands of pull requests, blocked hundreds of issues from reaching production, and found vulnerabilities including SSRF and overly broad permissions.
Sources
15 references tracked.
AI might help speed up software development, but 81% of devs now spend more time reviewing code - and it’s creating an ‘invisible work’ trend that’s pushing teams to the limit | IT Pro
itpro.com
What happens when engineering teams reorganize around AI agents | InfoWorld
infoworld.com
Why AI-Generated Code Gets Worse Over Time, Not Better
techtrenches.dev
Mistral’s Leanstral wants to kill off human-in-the-loop code checks, but is it blowing in the wind? - The New Stack
thenewstack.io
GitHub Copilot's effect on collaboration has stunned researchers - The New Stack
thenewstack.io
Are AI agents actually slowing us down? - by Gergely Orosz
newsletter.pragmaticengineer.com
OpenAI shifts to coding and enterprise after Anthropic
qz.com
Cursor built a fleet of security agents to solve a familiar frustration - The New Stack
thenewstack.io


