AI can generate code faster than most software organizations can absorb it. This should be a productivity breakthrough, but it also exposes a larger problem: many of the processes surrounding software delivery still happen at human speed.
A new white paper from code4thought looks at what happens when AI changes how quickly teams write software, and what software engineering produces, how organizations govern it, and where engineers add the most value.
AI-Assisted Software Engineering: The New Delivery Paradox pulls from six in-depth conversations covering security, product engineering, academic research, regulated industry, retail banking, and AI assurance.
The expert contributors do not agree on everything, and the paper doesn’t try to force consensus. Rather, it captures a profession that is working through structural change in real time.
Its headline finding is clear: “AI does not break software engineering — it amplifies whatever discipline, or lack of it, is already there.”
Here are five of the questions and findings that stood out.
If AI writes the code, what becomes the primary artifact?
For decades, source code has been at the heart of software engineering. Teams review it, measure it, secure it, version it, then they hand it over.
However, if AI generates a meaningful share of implementation on demand, the paper asks whether the real artifact now sits further upstream.
Ejona Preci, Group CISO at LINDAL, says: “The primary artifact becomes the prompt. When AI generates the code, the code is a derivative.”
That notion raises an immediate governance issue. As she points out, the intent, constraints, and context behind generated code increasingly live in prompts, but prompts today are often “unversioned, unreviewed, and almost entirely unaudited.”
Other contributors think about it differently. Some see prompts and context as the new higher-level source, while others believe that the real asset lies in specifications, the solution itself, or the institutional way of working that turns intent into an outcome.
No debate is settled here, which is partly the point. If engineering value is moving upstream, businesses may need to rethink what they preserve, review, audit, and treat as intellectual property.
The next bottleneck may be understanding, not production
What happens when the cost of producing a feature falls dramatically? According to the paper, the constraint simply moves.
Yiannis Kanellopoulos, founder and CEO of code4thought, talks about a new form of debt: “We are producing code that nobody understands. And the moment you need to evolve it, you discover you cannot evolve what you never understood in the first place.”
The paper calls this “knowledge debt.” Unlike technical debt, it can start the moment AI-generated output reaches production without anyone fully understanding what it does.
That concern is real in an AI-driven time. Testing teams may battle to keep pace. Product and marketing functions may have to deal with release volumes they cannot absorb. Existing monetization models may change at a much slower pace.
Markus Borg, Principal Researcher at CodeScene and Adjunct Associate Professor at Lund University, talks about the scale of the problem: “The cost of creating code is approaching zero. There’s no way a human can keep up with that.”
The full findings look deeper, exploring why some companies may drown in AI-generated output while others use those very tools to change what they can build.
Trust cannot depend on reviewing everything after the fact
Traditional software assurance works on the premise that people can inspect, review, and approve work before it moves to the next stage.
Agentic development challenges this. Preci says: “Trust isn’t something you grant after a review. At machine speed, trust is something you have to architect into the rails from the start.”
The paper examines what this might mean in practice: deterministic tooling, policy-as-code, immutable audit trails, scoped credentials, and controls designed around systems that can act faster than the people charged with reviewing it all.
Meri Roboci, Cyber Security and AI Enablement strategist at DWS Group, looks at this from a security perspective: “We still apply a zero-trust approach. Just as in cybersecurity, the same discipline extends to AI.”
AI may accelerate development, but businesses still need evidence that systems behave as they are meant to. The answer cannot just be more manual review, because manual review has become the bottleneck.
How teams combine deterministic analysis, AI agents, and human accountability could well become one of the most important engineering questions of the next few years.
AI amplifies the organization it enters
The paper keeps returning to one idea: AI does not arrive in a vacuum.
Give agents healthy, modular code, and they may perform precise work. Give them tangled legacy systems, and they will undoubtedly encounter many of the same problems that frustrate human engineers.
The same applies well beyond code. Poor identity controls, bad data hygiene, unclear model risk ownership, and low AI literacy do not suddenly vanish when an organization brings agentic development on board.
Kanellopoulos says agents are like Ferraris, while many old codebases are dirt roads. Buying the car does not give you a track.
His conclusion is that AI-assisted engineering will demand more discipline, not less: “We are entering the industrial era of software engineering. That requires a new kind of discipline, not obedience, but standardization.”
Yet the prerequisites are not only technical. The paper also looks at adoption, skills, and the order in which businesses introduce governance.
Roboci offers a lesson: “When we led with governance, people experienced it as obstruction because they couldn’t see the reasoning behind the rules. When we shifted to building AI literacy first, the governance that followed felt logical, not imposed. Sequence changes everything.”
The full paper digs more into the human and technical housekeeping that may help promote productive AI adoption while preventing faster-moving disorder.
The software engineer’s role is moving upstream
The contributors mostly agreed when it came to discussing what happens to engineers themselves.
Preci believes that the dividing line will be whether engineers can move beyond implementation: “There’s very little middle ground for software engineers, and the determining factor is whether they evolve from code producers to architects.”
The paper also describes a role increasingly centered on architecture, orchestration, problem definition, judgment, evaluation, and the ability to communicate intent clearly.
George Marinos, Assistant General Manager, Innovation & Digital Partnership at the National Bank of Greece, has seen something particularly telling within his own teams: “The best results with agents are being achieved by people with managerial skills.”
His reasoning is that an agent increasingly resembles a junior collaborator. The quality of the result depends on how clearly someone can describe the request, define constraints, and explain the evaluation criteria.
But the paper also raises a harder question that is still unresolved: what happens to entry-level engineers when AI absorbs the tasks that once helped juniors learn the profession?
That concern is up there with the risk of de-skilling more experienced developers who become disconnected from the code their tools produce. The paper does not claim to have all the answers, rather, it treats the transition itself as one of the industry’s most important open questions.
A profession working through structural change
Perhaps the most useful aspect of the paper is that it resists issuing a verdict on AI-assisted software development.
The contributors disagree about whether prompts, specifications, solutions, or ways of working will become the new primary artifact. They approach trust from different directions. They also see different risks in abundance and different possibilities for the engineering profession.
Having said that, several threads come up again and again.
AI makes disciplined organizations more effective and undisciplined ones more dangerous. Engineering judgment is moving upstream. Trust mechanisms must keep up with machine-speed output. And the human consequences of this shift deserve as much attention as the tooling.
As the paper says: “The tools are changing faster than the operating models that wrap around them.”
It’s clear that AI can write code. The question is whether businesses can change quickly enough to govern, understand, and take responsibility for what AI helps them build.
Read the full white paper: AI-Assisted Software Engineering: The New Delivery Paradox
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.


