AI coding assistants are the talk of the town, and for good reason. Tools that can turn a comment into a function or autocomplete entire classes are genuinely changing the developer experience. We’re writing more code, faster than ever before. It feels like a massive productivity win.
But is it?
While we’ve supercharged the early step of the software delivery lifecycle (SDLC), writing the code, we’ve left the rest of the pipeline largely untouched. The result is a classic DevOps anti-pattern: a powerful local optimization that creates a systemic dysfunction. More code is being generated, but it’s not necessarily reaching customers faster or more effectively.
This creates a “productivity paradox” where local efficiencies lead to global slowdowns. In fact, recent DORA metrics show that delivery throughput is actually decreasing. A METR randomized trial similarly found that while developers reported productivity gains, they could be slower in completing tasks with AI due to the additional time required for debugging.
To understand why this is happening and what to do about it, we need to go back to basics. We need to look at this new reality through the lens of the Three Ways of DevOps.
The First Way: Flow and the Firehose
The First Way (Flow) is centered on systems thinking. It emphasizes optimizing the performance of the entire value stream — the end-to-end process of delivering value — over the performance of any individual step or stage. As the Theory of Constraints teaches us, any improvement not made at the system’s bottleneck is an illusion.
AI coding assistants accelerate the “Dev” part of that flow. But that firehose of new code now slams into the same CI/CD and testing processes we’ve had for years: the same test suites, security scanners, manual approval gates, and deployment scripts.
The bottleneck isn’t writing code for most teams. It’s deciding whether the code is safe to ship.
We’re seeing a pile-up. Developers spend less time coding and more time waiting and fixing. They wait for slow builds, test results, remediate vulnerabilities, and babysit deployments. We’ve accelerated code generation only to exacerbate the real bottlenecks. We didn’t speed up the system; we just moved the traffic jam further down the road, overwhelming our downstream quality and security processes.
The Second Way: A Muted Feedback Loop
The Second Way is about creating and amplifying fast feedback loops. The goal is to obtain information from the right (Ops, production) and return it to the left (Dev) as quickly as possible. This allows teams to find and fix problems at the source, when they are cheapest to resolve.
The flood of AI-generated code creates a feedback crisis. Traditional, manual feedback mechanisms, such as peer review, simply cannot keep up with the volume. While impressive, these AI tools are far from infallible. One study found that 45% of AI-generated code samples introduced security flaws. Another study found 45% (yes, the same percentage) of all deployments to production linked to AI-generated code led to problems. When a developer gets feedback on a vulnerability days after the code was written, the context is lost, and the cost of remediation skyrockets. Even as coding assistants improve, with more code, there will always be more to review and remediate.
One way to manage this is to fight AI with AI. The feedback on AI-generated code needs to be nearly as fast as the generation itself. This means leveraging a new generation of intelligent tools for automated testing and security analysis that integrate directly into the developer’s workflow. The human reviewer isn’t eliminated. She’s elevated in her role from a line-by-line inspector to a strategic “human-on-the-loop” who validates business logic and architectural intent, work that machines can’t do.
The Third Way: Applying AI to the Entire System
The Third Way focuses on fostering a culture of continual experimentation and learning. The disruption from coding assistants forces us to get serious about this. We must use this moment as a catalyst to measure our systems, sense new bottlenecks, and invest in the technical excellence required to generate the Flow and Feedback that the first two Ways promise.
This starts with honest measurement. We must look beyond vanity metrics like “lines of code” and focus on system-level indicators like cycle time, deployment frequency, and change failure rate. At a more detailed level, where are the new logjams appearing now that code generation is off the leash? The Third Way demands we use data to find and address these constraints.
Once we see the bottlenecks, the next step is a deliberate investment in practices and platforms to keep up. This means embracing intelligent automation for the entire pipeline, including:
- Accelerated Feedback: To handle the volume, builds and tests must be fast and intelligent, to provide feedback in minutes, not hours.
- Automated Safeguards: To handle the risk, deployments must be protected by AI that analyzes production data and can automatically roll back a failing change.
- Embedded Security: To manage the new attack surface, a pipeline-out approach needs to be taken, replacing a security-as-a-silo.
When the entire pipeline can keep up, we achieve the true unlock. The conversation shifts from technical experimentation to business experimentation. An idea can move from conception to production to customer validation quickly and safely.
That’s the real promise of this technological shift, but it’s only available to those who apply the Third Way to the entire system.
Code Was Never the Bottleneck
AI coding assistants are a phenomenal leap forward. But they are not a silver bullet. By focusing on code generation, we’re optimizing a part of the process that, for many organizations, accounts for only about 30% of engineering time.
The real opportunity lies in applying intelligent automation to the other 70%, the complex, toil-filled work of getting good code tested and into production. It’s time to move beyond just AI for coding and embrace AI for delivery. That’s how we’ll truly fulfill the promise of speed, stability, and security.
