86% of Companies Let AI Agents Ship Code Without Review
Somewhere this week, an engineering lead approved a pull request they never actually read line by line. Not because they were lazy. Because their team’s AI agent wrote it, tested it, and merged it faster than a human reviewer could open the diff. That is not a hypothetical. It is the daily reality for the 86% of organizations that Anthropic and research firm Material found have already moved past experimenting with AI coding agents and into deploying them for production code.
The question dividing engineering leadership right now isn’t whether agents can write code. That argument is over. The question is whether the human reviewer, the person whose job has been to catch the agent’s mistakes before they ship, still has a job to do at all. A KTH professor says no. The data on what happens when review disappears says: it depends entirely on what broke.
The data nobody can ignore
Start with the number that matters most. In Anthropic and Material’s 2026 State of AI Agents Report, a survey of more than 500 U.S. technical leaders across company sizes, 86% of organizations said they’ve moved beyond pilot projects and are now running AI coding agents against production code. Enterprises lead adoption at 91%, small and midsize businesses trail at 83%, but neither number reads as experimental anymore.
The more consequential figure sits one layer deeper. 42% of organizations already trust agents to lead development work, with humans providing oversight rather than writing or gatekeeping every change. That’s not autocomplete. That’s a structural shift in who holds the pen.
Augment Code’s separate survey of 219 engineering leaders backs this up with a harder number: 48% of all code shipped by their respondents is now AI-generated. But here’s the gap that should worry every CTO reading this: only 19 of those 219 organizations have formally updated role definitions or hiring practices to reflect it. The technology moved. The org chart didn’t.
Why Cursor and a Stockholm professor collided in June
Two signals rarely converge this cleanly. On June 11, 2026, Martin Monperrus, Professor of Software Technology at KTH Royal Institute of Technology and an IEEE Fellow, published a preprint arguing that mandatory human review before merge is “no longer a necessary component of a software quality pipeline.” His case: every function review historically served (catching bugs, enforcing standards, transferring knowledge) can now be performed by agents at lower cost and higher throughput.
Weeks earlier, Cursor’s own numbers pointed the same direction. In December 2025, Cursor acquired the code-review startup Graphite, whose customers include Shopify, Snowflake, and Figma. CEO Michael Truell told Fortune the quiet part out loud:
“The way engineering teams review code is increasingly becoming a bottleneck to them moving even faster as AI has been deployed more broadly within engineering teams.” Michael Truell, CEO, Cursor (Anysphere) · Fortune, December 19, 2025
Academic argument and vendor telemetry almost never line up within weeks of each other. Usually the research lags the market narrative by a year or more. That collision, more than either data point alone, is the actual news here.
Context that’s easy to miss: this isn’t a startup phenomenon. Microsoft has said as much as 30% of code inside its own repositories is now AI-written. Cursor’s own growth tells the same story from the vendor side: annualized revenue went from roughly $100 million at the start of 2025 to over $1 billion by November, according to Forbes.
The productivity question nobody has actually answered
Here’s where the narrative gets uncomfortable. The single best piece of randomized, controlled evidence on AI coding productivity says the opposite of what the adoption numbers imply.
METR, an independent AI evaluation nonprofit, ran a controlled trial with experienced open-source developers using Cursor Pro with Claude 3.5 and 3.7 Sonnet. Result: developers were 19% slower completing real tasks with AI tools, despite believing afterward that they’d been roughly 20% faster. Perception and reality moved in opposite directions.
It gets stranger. When METR tried to run a 2026 follow-up with a larger cohort, the study design collapsed. Between 30% and 50% of invited developers refused to complete tasks without AI access at all, even at $150 an hour. METR couldn’t build a clean control group because professional developers had become too dependent on the tools to work without them for pay.
METR’s own read: agentic tools like Claude Code and Codex have probably improved since early 2025. They just can’t currently measure the magnitude, because the population they’d need to study no longer exists in an AI-free form.
Is that a productivity win or a dependency problem? Both readings fit the same data.
Where this breaks: the governance gap
Adoption running ahead of governance is the actual headline, and the numbers make the gap explicit.
| Signal | Figure | Source |
|---|---|---|
| Orgs deploying agents for production code | 86% | Anthropic × Material, 2026 |
| Orgs citing reliability/hallucination as top barrier | 55.4% | Futurum Group, 1H 2026 |
| Orgs already monitoring accuracy in production (i.e. after the fact) | 50.4% | Futurum Group, 1H 2026 |
| Orgs with a confirmed or suspected agent-related security incident | 88% | Gravitee, Feb 2026 |
| Orgs treating agents as independently auditable identities | 22% | Gravitee, Feb 2026 |
Read that table straight through and the pattern is stark. Most organizations are already absorbing failure costs live in production instead of catching them upstream. And when something does go wrong, most can’t even cleanly say whether an agent or a human made the change, because agent actions still route through shared API keys and human credentials rather than independent identities.
Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, frames the deeper problem as a false sense of assurance:
“Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system.” Merritt Baer, CSO, Enkrypt AI · VentureBeat, 2026
Simon Willison, the Django co-creator who coined the term “prompt injection,” puts the security risk in even starker terms. He’s said publicly that he expects the industry needs something like a Challenger-scale disaster before organizations properly sandbox autonomous agents, noting that most people running these tools, himself included, are effectively “running these coding agents practically as root.”
NeuralWired has already documented what that looks like in practice. Our recent breakdown of 12 companies whose AI deployments failed includes Replit’s agent deleting a live production database, a concrete answer to the abstract question of “what could go wrong.”
What engineering leaders should do this quarter
The teams handling this well aren’t debating whether to trust agents. They’re defining, in writing, which categories of change get zero-human-review autonomy and which don’t.
- Tier your changes. Routine maintenance and dependency bumps can run autonomous. Auth, payments, and data-deletion paths get a mandatory human checkpoint, no exceptions.
- Track model provenance per commit. If you can’t currently answer “which agent, which model version, wrote this line” from your own logs, that’s the gap Gravitee’s data says 78% of organizations still have.
- Move testing beyond unit tests. Property-based and mutation testing catch the failure modes that pattern-matched review misses, which matters more once a human isn’t reading every diff.
- Reallocate review effort upstream. The highest-leverage human work moves from reading diffs to writing and auditing the specification the agent works from. That’s a different skill, and most teams haven’t trained for it yet.
- Stress-test your incident attribution before you need it. Run a tabletop exercise: can your team currently prove, from logs alone, whether a specific production incident was agent-caused or human-caused? If not, fix that before scaling autonomy further.
For teams thinking about the cost side of scaling this kind of pipeline, our recent piece on FinOps and DevOps integration covers the operational spend question this shift creates.
The case against “review is over”
Monperrus’s paper drove the news cycle, but it hasn’t gone unchallenged. Critics on Hacker News flagged that the paper’s own section on agent review capability is thin, a single paragraph doing a lot of argumentative work, and some readers suspected AI-generated prose in the paper itself. Fair or not, that undercuts its force as proof the review era has ended.
A more substantive rebuttal comes from an independent essay response, which argues the reviewer is being superseded but the review itself isn’t disappearing. It’s relocating, from reading diffs to writing specifications and owning accountability, which for most engineering organizations is arguably a harder skill gap to close than diff-reading ever was.
The benchmark data backs that relocation argument up. On SWE-bench Verified, frontier models now clear roughly 70% or better. On SWE-bench Pro, a contamination-resistant variant built specifically to test genuinely novel engineering problems, the best performers top out near 23%. Agents are strongest exactly where human review historically added the least value: routine, well-precedented changes. They’re weakest exactly where review has always mattered most: novel, high-stakes logic.
Our read: the “shipping in production” half of this story is real and well-supported by the Anthropic and Augment Code numbers. The “reliability problem is solved” half is not, and Futurum’s own respondents say so directly. Treat any internal productivity claim, including your own team’s, with the same skepticism METR was forced to apply to its own 2026 follow-up study.
For a wider look at how often agentic AI rollouts stall entirely, see NeuralWired’s earlier analysis of why 70% of AI agent deployments fail, and for a tooling-focused comparison, 7 AI developer tools tested against real benchmarks.
Frequently asked questions
Yes, increasingly. Anthropic and Material’s 2026 survey of over 500 U.S. technical leaders found 86% of organizations deploy AI coding agents for production code, and 42% already trust agents to lead development with human oversight rather than requiring pre-merge review of every change.
The evidence is mixed. METR’s 2025 randomized controlled trial found experienced developers were 19% slower using AI tools despite believing they were about 20% faster. METR’s 2026 follow-up couldn’t reliably re-measure this because too many developers refused to work without AI access at all.
A survey of 219 engineering leaders by Augment Code found 48% of all code is now AI-generated, though only 19 of those 219 organizations have formally updated role definitions or hiring practices to reflect the shift.
Very common. Gravitee’s 2026 survey of over 900 executives and technical practitioners found 88% of organizations confirmed or suspected at least one AI-agent-related security incident in the prior year, and only 22% treat AI agents as independently auditable identities.
Reliability and hallucination management in production, cited by 55.4% of organizations as their top barrier in Futurum Group’s 1H 2026 survey of 820 decision-makers, ahead of cost, integration, or talent concerns.
What this means going forward
Here’s what’s actually settled: AI coding agents are writing and shipping production code at a majority of organizations right now, not in some projected future state. That part of the story is well-evidenced across three independent surveys covering more than 1,400 combined respondents.
What’s not settled: whether removing human review makes software better, worse, or just differently risky. The honest answer, based on everything above, is that it depends entirely on what kind of change is being shipped, and almost no organization has yet drawn that line formally.
Over the next 6 to 18 months, watch for three things. First, whether insurers and regulators start treating “no human review” as a material risk disclosure, given the EU AI Act’s high-risk provisions taking full effect in August 2026. Second, whether a major, publicly attributed agent-caused incident forces the “Challenger moment” Simon Willison has predicted. Third, whether the 19 out of 219 organizations that have already formalized new engineering roles turn out to be the ones that avoid it.
Want the next data-backed breakdown before your competitors see it? Subscribe to The Neural Loop at neuralwired.com/newsletter.
