AITechnologyInnovationQA & Testing

AI Is Writing More Code — Who Reviews It?

AI-generated code is accelerating delivery but straining review workflows. Tools like CodeRabbit and SonarQube are stepping in, but the harder question is whether AI can meaningfully review AI.

Photo: Google Gemini · AI-generated

The promise of AI-assisted coding is throughput. Tools like GitHub Copilot and Cursor generate code faster than any developer can type it. The problem nobody planned for is what happens downstream: somebody still has to review all of it.

A recent CIO feature on CodeRabbit puts it plainly — more code is being generated by AI, and that volume is putting real strain on review processes. AI is not always correct. It hallucinates. It does not understand the broader business logic across a codebase. And yet it produces pull requests at a pace that senior engineers cannot absorb.

The tooling landscape is responding

CodeRabbit is one of several platforms addressing this gap. It integrates with GitHub, GitLab, Bitbucket, and Azure DevOps, analyses entire repositories rather than just diffs, and flags issues with severity labels before a human reviewer ever opens the PR. Companies like NVIDIA, Red Hat, and Zillow are using it. The pitch is straightforward: let AI do the first pass so senior engineers spend their time on what matters.

But CodeRabbit is not alone. SonarQube has been doing static analysis and code quality checks for years and continues to evolve its ruleset. GitHub’s own code scanning, combined with Copilot’s expanding review capabilities, is pushing in the same direction. The space is maturing fast.

What these tools share is a common assumption: the bottleneck is not writing code — it is validating it. And that assumption is correct.

Can AI review AI?

The more provocative question is whether code generated by one AI model can be meaningfully reviewed by another. In theory, a second model brings a different perspective — different training data, different biases, different blind spots. In practice, we do not yet know how well this works.

At exbisoft, we have not run structured experiments on AI-reviewing-AI workflows. We are watching the space closely, but we are not going to recommend something we have not validated ourselves. The risk is circular confidence: two models agreeing on something does not make it correct. It may just mean they share the same gap.

What we do know

Automated review tools add the most value when they handle the mechanical layer — style consistency, known vulnerability patterns, dependency issues, test coverage gaps. These are things humans should not be spending time on in 2026.

The harder layer — does this logic actually solve the business problem, does it handle the edge case the product owner described in a Slack thread three weeks ago — remains a human job. No tool we have seen handles that reliably.

What this means for teams building custom software

If your codebase is growing faster because of AI-assisted development, your review process needs to scale with it. That does not mean adding more reviewers. It means instrumenting the review pipeline: static analysis, automated security scanning, and — selectively — AI-powered first-pass review.

The tools are ready for the mechanical layer. The judgement layer is still yours.