Hype and Reality of the AI Coding Shift

What It Covers

Sonar's Chris Grams and Manish Kapoor discuss their State of Code Developer Survey with host Matt Merrill, revealing that 42% of developer code is already AI-generated, 96% of developers distrust that code, and how deterministic verification layers like SonarQube address the resulting quality and security gap.

Key Questions Answered

• •The Verification Gap: 42% of developer code is currently AI-generated, projected to reach 65% by 2027, yet 96% of developers do not fully trust AI-produced code. Engineering leaders must implement deterministic verification layers — tools that produce consistent, low-false-positive results — before shipping AI-generated code into production environments.
• •The Great Toil Shift: AI eliminates traditional toil tasks like writing documentation and tests, but replaces them with new toil: reviewing and verifying AI-generated code. Developers using AI daily spend roughly the same total time on toil as those who do not, and 38% report that reviewing AI code is harder than reviewing human-written code.
• •Shadow AI Risk: 35% of developers access AI tools through personal accounts rather than corporate-sanctioned platforms, exposing organizational IP and data to ungoverned third-party systems. Engineering leaders should establish governance policies that account for agentic workflows, where multiple agents exchange code, prompts, and context data simultaneously.
• •LLM Selection Beyond Benchmarks: Standard coding benchmarks only measure functional correctness. Sonar's leaderboard at sonar.com/leaderboard evaluates 35 models across security vulnerabilities, bug density, cognitive complexity, and cyclomatic complexity per million lines of code. Higher-performing models often produce more verbose, complex code — making holistic evaluation across all dimensions necessary before selecting a model for production use.
• •Experience-Based AI Usage Divergence: Junior developers report 40% productivity gains from AI tools but 66% admit the generated code appears correct while being functionally broken. Senior developers predominantly use AI for understanding legacy code and writing documentation. Both groups benefit from maintaining existing robust code review processes, which apply equally to AI-generated and human-written code.