| Audience: | CIO đźž„ CTO đźž„ CISO |
| Primary Sectors: | Cross sector |
| Decision posture: | Default Rule / Monitor |
| Decision horizon: | Next 90–180 days |
| Series role: | Overview |
Executive Summary
AI coding is producing real gains, but it is not yet a clean enterprise productivity story. The better framing is that AI makes output cheaper while moving scarcity to somewhere like: ownership, trust, cognition, review, maintainability, apprenticeship, or security verification.
That matters because many organizations are starting to treat AI coding as a delivery, budget, and workforce assumption before they can prove where the work went. Code is easier to produce, but harder to own. Adoption is rising, but trust is falling. AI is sold as cognitive leverage, but often experienced as cognitive overhead. And the same economics that help developers and defenders also help criminals.
Default Rule: Do not treat AI coding adoption, generated-code share, or self-reported speed as productivity evidence unless the organization can identify the downstream bottleneck, the owner absorbing it, the metric proving control, and the threshold that pauses expansion.
For organizations with limited software-delivery exposure, the posture is Monitor. But monitor with triggers such as mandated AI use, AI-generated production code, review saturation, rising rework, license expansion, or AI-enabled fraud and impersonation pressure.
AI Moves the Bottleneck
The AI coding debate is usually framed too narrowly. Vendors emphasize faster coding. Developers debate whether the tools are useful. Executives ask whether AI can reduce delivery cost. Security teams ask whether AI will create new threats.
Those are valid questions, but they miss the operating pattern.
In reality, AI relocates scarce work; it does not simply remove it. A task that used to be constrained by writing effort now becomes constrained by review capacity. A tool that appears to increase individual speed can make system stability harder to protect. A coding assistant that feels like leverage can become a context-management burden. A model that helps a defender summarize alerts can also help a criminal generate better lures at a larger scale.
This series is built on ten contradictions we have found with AI usage. This article highlights four of them as the entry point because they explain the overarching pattern of how output gets cheaper, while ownership, trust, cognition, and verification become scarcer.
Code Is Easier to Produce, but Harder to Own
AI coding tools reduce the friction of producing code. Trade magazine reports rapid adoption, rising benchmark performance, and credible examples of developers using agents to generate substantial portions of their work.1 GitHub Copilot research also found faster completion in a controlled programming task.2
But enterprise software is not owned when it compiles. It is owned when a team can explain it, maintain it, secure it, change it, and support it after the original author, prompt, model, or contractor is gone.
That is where the contradiction matters. AI-generated code may work in isolation but clash with repository conventions, architectural context, or long-term maintainability.3 Increases in duplicate code blocks and short-term churn, along with continued decline in moved lines, signal that code may be accumulating faster than it is being structurally improved.4 DORA’s 2024 report adds the system-level warning: AI adoption can improve individual productivity, flow, and job satisfaction while negatively affecting delivery stability and throughput.5
The CIO implication is straightforward: although code generation is a useful metric, the truly meaningful unit of productivity is ownership.
Treat AI-generated production code as unowned until proven otherwise. The proof is that a named team can maintain it, review it, secure it, and retire it without depending on the original prompt trail or one overextended senior engineer.
Adoption Is Rising, but Trust Is Falling
The adoption curve is moving up. Survey reports show that 84% of respondents are using or planning to use AI tools in the development process.6 AI coding is becoming normal workplace infrastructure, not a fringe experiment.
Trust is moving the other way. The same survey reports that positive sentiment toward AI tools fell to 60% in 2025, down from above 70% in both 2023 and 2024. It also reports that more developers distrust AI-tool accuracy than trust it.7
This is not a small wrinkle. Adoption can be misread. High usage may indicate value. It may also indicate mandate, peer pressure, executive expectation, tool availability, or performance-management theatre. Additional reporting shows the risk clearly. Developers may use AI because they are told to use it, either because performance reviews reward it or because the organization has reorganized around it. This is the case even when the output still requires heavy correction and review.8
The trap is that adoption looks like confidence from the top, but often feels like exposure from the bottom.
CIOs should therefore treat AI usage metrics as exposure metrics until paired with outcome evidence. Usage proves that AI has entered the workflow but it does not prove that delivery is faster, review is manageable, code is maintainable, or risk is lower.
AI Is Sold as Cognitive Leverage but Experienced as Cognitive Overhead
AI coding is marketed as leverage, that is, less blank-page work, faster scaffolding, easier test generation and quicker explanations of unfamiliar code. Many developers find value in these tasks and often see AI tools helping with boilerplate, tests, bug fixes, unfamiliar code, and first drafts.9
But the operating experience is more complicated. A randomized controlled trial found that experienced open-source developers expected AI tools to make them faster and later believed the tools had helped, but measured task completion was 19% slower in the tested setting.10 That does not prove AI slows every developer. It proves something more useful for executives: perceived leverage and measured performance can diverge. Why? Because the missing cost is cognition.
Developers do not merely receive AI output. They prompt, steer, inspect, test, debug, reconcile, and explain it. They must decide whether a polished answer is correct, whether the model understood the codebase, whether a generated change fits team conventions, and whether the time already spent coaxing the tool should be abandoned. Interviews capture this as cognitive overhead, which includes switching between prompting, coding, checking output, and rebuilding enough mental model to trust the result.11
The CIO-level issue is that cognitive load becomes a capacity constraint. If AI coding expansion increases the amount of code that senior staff must inspect, explain, or rescue, the organization has moved work into its most expensive attention pool.
The Same Economics Help Defenders, Developers, and Criminals
The same cost curve that makes AI useful for software teams also changes the economics of abuse. It is the same pattern showing up in yet another operating domain.
AI lowers the cost of producing plausible output. For developers, that output may be code, tests, documentation, and prototypes. For defenders, it may be alert summaries, triage support, and detection assistance. For criminals, it may be phishing messages, impersonation scripts, malware variants, fake accounts, reconnaissance, and translation.
Threat actors are using AI to scale phishing and automate intrusions, while MIT Technology Review reports that researchers see immediate AI risk less in cinematic “superhacker” scenarios and more in cheaper, higher-volume scams, impersonation, and attack preparation.12 OWASP’s 2025 GenAI risk catalogue makes the control problem more concrete: prompt injection, improper output handling, excessive agency, sensitive information disclosure, supply-chain exposure, and unbounded consumption are operational failure modes that must be managed.13
The fact is that AI does not make criminals magically sophisticated. What CIOs and CISOs must realize is that “good enough” output at low marginal cost changes volume, believability, and verification pressure. The same economics helps everyone. That is the uncomfortable truth.
Our Ten-Contradiction Map
This is the overview article of a new article series that analyzes ten contradictions. This article does not resolve any of them. It establishes the operating pattern they share as shown in Table 1.
| The Contradiction | Where the bottleneck moves to |
|---|---|
| Code is easier to produce, but harder to own. | From writing to accountability. |
| Review is both the safety mechanism and the bottleneck. | From production speed to review capacity. |
| AI appears to reduce defects while increasing debt. | From visible bugs to delayed maintainability. |
| Adoption is rising, but trust is falling. | From uptake to evidence quality. |
| The best users are not “vibe coding”; they are reintroducing discipline under a new name. | From tool access to codified context. |
| AI helps experts more than it helps the people managers most want it to help. | From broad enablement to expertise concentration. |
| AI is sold as cognitive leverage but experienced as cognitive overhead. | From manual effort to attention load. |
| Autonomy is improving, but reliability still depends on humans. | From agent capability to human assurance. |
| The security panic is overhyped, but the security problem is real. | From superhacker fear to practical exposure. |
| The same economics help defenders, developers, and criminals. | From capability access to verification scale. |
Table 1. The AI Contradictions Map. How each productivity gain shifts scarcity from output creation to ownership, review, evidence, maintainability, apprenticeship, and security verification.
The series does not focus on AI coding pros and cons but on the question of whether the enterprise can absorb whatever production AI displaces.
The CIO Rule: Track Bottleneck Transfer Before Scale
The market is past the point where pilot AI coding is a sufficient decision posture. Now the hard work begins. Before approving AI coding at scale, license expansion, productivity reporting, or workforce assumptions, require one page that answers five questions about your AI coding use:
- What is it reducing?
- What is it moving downstream?
- Who owns the burden?
- Which metric proves control?
- What threshold would pause scale?
Call it an AI Bottleneck Transfer Note. Keep it short. Make it mandatory before AI-generated-code share becomes a board metric, before AI usage is tied to performance evaluation, and before savings are booked from faster code production. This approach does not block AI coding, but it does save you from premature certainty. Here are some quick triggers you would be able to spot using this note:
- If AI reduces development time but increases review queues, the bottleneck moved.
- If AI helps junior developers ship faster but senior engineers absorb more correction, the bottleneck moved.
- If AI improves SecOps triage but increases exception handling, the bottleneck moved.
- If AI adoption appears in dashboards without rework, maintainability, review, and ownership evidence, the bottleneck is being hidden.
Executives do not need another AI enthusiasm metric. They need a way to see where the work went.
What is Next in the Series
The seven Flash Findings that follow will turn this frame into narrower decision rules. The first three will focus on engineering accountability, specifically, ownership, review capacity, and maintainability debt. The next three will focus on management evidence and capability formation, which includes adoption metrics, engineering discipline, and apprenticeship. The final piece shifts the same logic into security economics. We are not talking about AI superhackers, but cheap cyberthreat scaling.
What this series aims to show is that while we are seeing AI productivity gains we are not seeing the real picture until the receiving bottleneck is visible.
Bottom Line
AI coding does not remove scarce work. It moves it. Until leaders can show where the bottleneck moved to, who now owns it, and which metric proves control, AI productivity claims should remain provisional and not presented as board-ready savings.
Evidence and Sources
- Edd Gent, “AI coding is now everywhere. But not everyone is convinced,” MIT Technology Review, December 15, 2025; Will Douglas Heaven, “Anthropic’s Code with Claude showed off coding’s future—whether you like it or not,” MIT Technology Review, May 21, 2026.
- Sida Peng, Eirini Kalliamvakou, Peter Cihon, and Mert Demirer, “The Impact of AI on Developer Productivity: Evidence from GitHub Copilot,” arXiv, 2023.
- Edd Gent, “AI coding is now everywhere. But not everyone is convinced,” MIT Technology Review, December 15, 2025.
- GitClear, “AI Copilot Code Quality: 2025 Data Suggests 4x Growth in Code Clones,” 2025.
- DORA and Google Cloud, “Accelerate State of DevOps Report 2024,” 2024.
- Stack Overflow, “AI | 2025 Developer Survey,” 2025.
- Stack Overflow, “AI | 2025 Developer Survey,” 2025.
- Emanuel Maiberg, “Software Developers Say AI Is Rotting Their Brains,” 404 Media, May 13, 2026.
- Edd Gent, “AI coding is now everywhere. But not everyone is convinced,” MIT Technology Review, December 15, 2025.
- METR, “Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity,” July 10, 2025.
- Emanuel Maiberg, “Software Developers Say AI Is Rotting Their Brains,” 404 Media, May 13, 2026.
- Microsoft, “Microsoft Digital Defense Report 2025,” 2025; Rhiannon Williams, “AI is already making online crimes easier. It could get much worse,” MIT Technology Review, February 12, 2026.
- OWASP GenAI Security Project, “2025 Top 10 Risk & Mitigations for LLMs and Gen AI Apps,” 2025.