AI-generated code is shipping to production without security review. The tools that generate the code don’t audit it. The developers using the tools often lack the security knowledge to catch what the models miss. This is a growing blind spot in the software supply chain.

HITL
AI-augmented > AI-generated.
Human review with AI co-review > AI-generated review.
Human-arranged AI-augmented documentation > AI documentation, which always seems to believe that the most innocuous comment spelling correction is the most important change…
If you completely remove humans from the development cycle then you don’t know what’s in your codebase anymore.