AI Doubled Engineering Output But Review Never Caught Up
A longitudinal study of 802 developers and 196,212 pull requests at an enterprise AI mandate found per-developer throughput more than doubled — but human review coverage fell from 89% to 68% while silent, comment-free approvals held flat even as volume doubled. Automated review overtook human review, and reviewer load doubled alongside authoring output. For PMs, the lesson isn't that AI writes bad code — merge and revert rates barely moved — it's that authoring capacity and review capacity no longer scale together, and most teams haven't rebuilt review to match.
This week, pull the numbers your own team already has: what share of merged PRs get a substantive human comment versus a silent approval, and how has that ratio moved since your team's AI coding tool adoption crossed 50%? Most engineering leaders can answer the throughput question instantly, citing PRs merged or story points closed, but have no idea what's happening to review depth, because nobody's tracking it as a metric that can degrade. The concrete action: before your next planning cycle, define a risk tier for code review: mandatory human review with required comments on anything touching auth, billing, data schemas, or external APIs, and automated-first review for everything else, rather than letting review policy drift toward whatever the tooling defaults to. Don't wait for a revert or an incident to force the conversation; this study's own authors admit merge and revert rates are too coarse to catch the problems that matter until it's late. To be fair to the AI-coding pitch: the throughput gains here are real, broadly distributed across seniority levels, and AI-authored code was actually reverted less often than human code, not more. This isn't an argument against adoption. It's an argument against adopting the authoring tool and assuming the review process takes care of itself. It won't — and the org that notices first has a real advantage over the one that finds out during a postmortem.
Per-developer throughput hit 2.09x baseline (21.2 to 44.3 PRs/month) across 802 developers and 196,212 PRs in a 2024-2026 enterprise field study, per arXiv:2607.01904.
Eight hundred and two developers. 196,212 pull requests. Twenty-eight months. And one number that should stop every engineering leader mid-scroll: per-developer throughput hit 2.09x the pre-mandate baseline — one of the largest productivity gains ever documented from a field deployment of AI coding tools, according to a longitudinal study of an enterprise "2x" mandate published on arXiv in July 2026 (Hao He, Shyam Agarwal, Yegor Denisov-Blanch, Pavel Azaletskiy, Sanmi Koyejo, and Bogdan Vasilescu).
The verdict, though, isn't about the code getting written. It's about who's left checking it.
The Number Everyone Will Quote
Here's the headline stat the press release version of this study writes itself: per-capita output at this mid-sized, AI-forward company climbed from 21.2 to 44.3 merged pull requests per developer per month. AI-authored PRs went from effectively zero to roughly 90% of all submissions, with the steepest jump arriving after the org standardized on Claude Code following an earlier Cursor-heavy phase. Gains weren't uniform: management-tier output rose 86%, individual contributors rose 27%, and newer repositories (2022 and later) saw 44% gains versus a statistically insignificant 12% in legacy codebases.
That last detail matters more than it looks: AI tools compound where the codebase is already clean and well-documented, and stall where it isn't. If your repo is a decade of accumulated shortcuts, don't expect the same curve.
The Number Nobody Will
Now the part that doesn't make the slide deck. Human review coverage on these PRs fell from 89% to 68%. Automated review coverage rose from 19% to 84%.
Substantive human reviews, the ones with actual comments and not a rubber stamp, dropped from 39% to 21% of all PRs. And silent approvals, PRs that got a checkmark with zero discussion, stayed flat at roughly 50% the entire time. Read that last figure again: the share of code approved without comment didn't rise, but the volume behind it doubled.
Per-reviewer load, unsurprisingly, roughly doubled too.
Picture a factory that doubles the speed of its assembly line but keeps the same three quality inspectors doing the same spot-checks they always did. Nobody changed the inspection process, so nobody notices the defect rate creeping up — until the recall. That's what's happening to code review at this company, and if the pattern generalizes, at yours.
Why Merge Rates Lie
The study's authors are careful here, more careful than most vendors selling you an AI coding tool will be. Merge rates stayed essentially flat and revert rates actually declined slightly, with AI-authored PRs reverted 6.7 percentage points less often than human-written ones. To be fair to the mandate: that's a real result, not a rounding error, and it undercuts the easy narrative that AI code is sloppier code.
But the authors themselves call merge and revert rates "coarse, short-horizon proxies that miss defects, incidents, and maintainability." They also flag what they can't measure: diluted ownership, eroded understanding of what's actually in the codebase, and what they call "cognitive and intent debt," the gap between what a team can produce and what it can actually explain. Intent debt compounds quietly: the further a team drifts from understanding why a change was made, the harder it becomes to safely modify that code months later, long after the PR that introduced it is forgotten. Outside commentary on the study has converged on a similar concern: call it cognitive surrender, the tendency to approve rather than scrutinize once review demand outstrips human attention span.
AI cycle times for these PRs actually got longer post-mandate, not shorter: total cycle time rose 20-22%, pickup time rose 14%, and review-lead time rose 18%, even as coding time dropped slightly. The authoring bottleneck didn't disappear. It moved twenty feet downstream and got quietly renamed a review backlog.
Here's the reframe worth sitting with: this was never a productivity story. It's a capacity-reallocation story, and the capacity that got reallocated is human judgment.
The Roadmap Question
I've watched this movie before, just with different actors. When cloud computing hit its adoption curve around 2010-2012, provisioning got an order of magnitude faster and plenty of ops teams that didn't rebuild their monitoring and incident-response discipline in parallel got blindsided by outages nobody caught until they were customer-facing. The infrastructure moved faster than the org's ability to observe it.
This study is the same structural failure mode showing up one layer up the stack: authoring outpacing verification.
The study's authors are blunt that their site is a best case, not a base case, a company they describe as a "near-ideal, unusually favorable" environment, meaning what you should read out of this is an upper bound, not an industry average. Your mileage will likely be worse before it's better.
Here's my falsifiable read on where this goes next: by Q2 2027, expect the engineering orgs that actually sustain 2x-plus throughput to be the ones that shipped a formal, risk-tiered review policy: human eyes mandatory on anything touching auth, payments, or data schemas, and automated review for everything else, rather than the ones that just bought more AI seats. The mandate isn't the hard part. Rebuilding review as a discipline that scales independently of who or what is writing the code is the harder part.
So before you set your own team's throughput target for next quarter, ask the question this study actually answers: when your engineers ship twice as much code, does anyone in your org have twice the capacity to know what's actually in it?
Get this in your inbox. AI Rundown Daily delivers original briefings every morning — free. Subscribe →
Frequently Asked Questions
Not quite — a flat or improving revert rate is genuinely a positive signal, and AI-authored PRs in this study were reverted 6.7 percentage points less often than human-written ones. But the study's own authors describe merge and revert rates as "coarse, short-horizon proxies" that don't capture latent defects, production incidents, or long-term maintainability. A PR can merge cleanly and still be the reason a team can't safely modify that code a year later, which reverts simply don't measure.
The fix isn't more headcount, it's a policy change: routing review effort by risk rather than applying the same shallow pass to every PR. That means defining which categories of change (auth, billing, schema migrations, external API integrations) require mandatory human review with comments, and letting automated review handle the rest. It costs a few hours of engineering leadership time to define the tiers and some tooling work to enforce them — cheap compared to the alternative of discovering the gaps during an incident.
The authors are explicit that their site is a best case, calling it a "near-ideal, unusually favorable" environment for an AI rollout and cautioning readers to treat their numbers as an upper envelope rather than an industry average. The dose-response relationship between AI usage and productivity is also an association the developers self-selected into, not a randomized causal test. Expect smaller gains, and likely a worse review-capacity gap, at organizations with less mature engineering culture or older codebases.