跪拜 Guibai
← Back to the summary

Microsoft's 24% AI Coding Boost Hides a 70% Bug Increase

Microsoft just released a research report: after deploying Claude Code and Copilot CLI to tens of thousands of engineers for four months, each person merged 24% more PRs per day. Management is forwarding this report. But after I read it alongside several other data points—I couldn't sit still.

A 24% efficiency boost sounds great

First, the core data from Microsoft's report:

A 24% increase is indeed significant. If a team used to merge 10 PRs a day, now it merges 12–13. Management's first reaction upon seeing this number is "roll it out to everyone."

But does more PRs equal higher productivity?

The top-voted comment in the Hacker News discussion thread for this report said:

"Lines of code isn't productivity, and neither is CLs landed."

Efficiency rose 24%, but another set of data goes unmentioned

Put Microsoft's report alongside several other recent studies, and the picture changes completely:

Data point 1: AI code has a 70% higher bug rate

Shiplight's analysis of thousands of PRs shows AI-generated code has 1.7× more bugs than human-written code, 75% more logic errors, and 3× more readability issues.

In other words—PRs are up 24%, but the bugs hidden in each PR are up 70%.

Data point 2: 96% of developers don't fully review AI code

Sonar's survey shows 96% of developers do not fully review AI-generated code. AI writes it, they glance at it, if it runs it gets merged, next.

24% more PRs + 70% more bugs per PR + 96% not reviewed carefully = ?

Data point 3: Developer trust in AI code has dropped to 33%

2026 survey data shows only 33% of developers trust the quality of AI-generated code. But trusting it and using it are two different things—deadlines are looming, the boss is pushing, and not using AI means you're the slow one.

Data point 4: Someone is making $40K/month cleaning up AI code

A post blew up on Hacker News last week: three engineers quit their jobs to found Slopfix, a company that specializes in cleaning up AI-generated code for enterprises, charging $10,000 per week. 301 upvotes, and business is so good they can't keep up.

Forbes' headline last week was even more blunt: "AI Coding Is Starting To Feel Like A Gamble."

What the real cost is

A 24% efficiency gain is great. But at what cost? I've organized five hidden costs that "the report didn't write about."

Cost 1: Technical debt accelerates

AI writes code fast, but it doesn't consider architectural consistency. In a 10-person team where all 10 use AI, everyone generates code with different styles, error-handling approaches, and state-management strategies.

Three months later, the codebase becomes a patchwork monster. Every file runs, but together they're a disaster.

Before, technical debt grew linearly—however much code people wrote, that's how much debt they racked up. Now AI doubles code output, so technical debt doubles too, but the speed of repayment hasn't changed.

Cost 2: Code review becomes the new bottleneck

Microsoft's report says PRs increased 24%. But—who reviews all those extra PRs?

AI can write code for you, but it can't review other people's code for you. PRs are up 24%, so review workload is up 24%. And reviewing AI code is harder than reviewing human code—because you don't know why this code was written this way, you can only see what it is.

The result: either review quality drops (96% of people are already doing this), or review becomes the bottleneck for the entire team.

Cost 3: Junior developers stop growing

Who benefits most from AI writing code? Not senior engineers—they were already fast. It's junior engineers—AI makes their output look comparable to seniors'.

But "looking comparable" and "being comparable" are two different things. Junior engineers use AI to bypass the process of thinking through solutions themselves. Output is there, but ability hasn't grown.

One year later: the company has a roster of "high-output" junior engineers on paper, but no one can debug that AI-written code, and no one can make architectural decisions.

Cost 4: The security vulnerability multiplier effect

Security research shows AI-generated code has a security vulnerability rate 2.74× that of human-written code.

Before, a team writing 100 lines of code a day might have 2 security vulnerabilities. Now writing 300 lines a day, there might be 16 vulnerabilities. Output rose 3×, vulnerabilities rose 8×.

And AI-generated security vulnerabilities are harder to spot than human ones—because the code looks very standard, all the patterns are right, it just missed one validation at a boundary condition.

Cost 5: Debugging costs rise instead of falling

The cruelest irony of AI code: it's fast to write, but slow to fix.

You didn't write AI-generated code with your own hands. You don't know its design intent, you don't know why it chose this approach over that one. When a bug appears, you're facing a piece of "someone else's code"—except that "someone else" is AI, and you can't even ask it questions.

Slopfix charges $10,000 a week to clean up AI code for people, not because AI code is especially terrible—but because no one knows what's going on with it, and the only option is to tear it down and start over.

Quick checklist: Is your AI code stepping on these landmines?

Risk signal How to check Severity
AI code merged and never looked at again Check the follow-up modification history of the last 10 AI PRs 🔴 High
Review only checks "does it run?" Ask yourself: can you explain why this code is written this way? 🔴 High
Team has no AI code review standards Is there a checklist specifically for AI-generated code? 🟡 Medium
Junior members' output suddenly matches seniors' Compare debugging ability and participation in architecture discussions 🟡 Medium
Code style is increasingly inconsistent Look at the last month's commits, check formatting/naming/error handling 🟡 Medium
Security scanning has never been run Run a SonarQube/Snyk scan on AI-generated code 🔴 High
No one can explain a module's design intent Randomly pick an AI-written module and ask the author to explain the logic 🟡 Medium
Production bug fix time is increasing Compare average bug fix duration before and after introducing AI 🔴 High

Bookmark this table. Next time you do a tech lead monthly review, go through it item by item.

It's not that you shouldn't use AI, it's that you shouldn't use it blindly

Microsoft's 24% efficiency gain is real. I'm not denying the value of AI programming—it genuinely makes writing code faster.

But "writing fast" and "writing well" are two different things. Microsoft's report measures the former, while what we endure daily are the consequences of the latter.

The correct approach isn't "roll it out to everyone regardless of quality," but rather:

  1. AI writes code → but a human must review it (not just a glance)
  2. Use AI to accelerate → but reinvest the saved time into code review and testing
  3. Junior engineers can use AI → but must be able to explain every line of code AI generates
  4. Measure efficiency → but simultaneously measure bug rate, number of security vulnerabilities, and the growth rate of technical debt

PRs are up 24%. If bugs are also up 70%, is the net effect positive or negative?

Every tech lead should do this arithmetic themselves.

After your team adopted AI programming, has code quality changed? Share your observations in the comments.

Comments

Top 2 of 4 from juejin.cn, machine-translated. The original thread is authoritative.

秋收冬藏842

Leadership sees the efficiency gains and sets KPIs, requiring at least 40% of code to be AI-generated, with a final target of 70%. It's like upgrading a car with a rocket engine but leaving the braking system completely untouched. Because the efficiency gains belong to leadership, while the technical debt falls on developers. Leadership benefits, and the boss is happy seeing those numbers too.

kyriewen

Yes, so in the end it's still the developers who bear the brunt.

Z哥哈哈哈

2

kyriewen

3