AI-Assisted Development · Verification

Tests Passed. CI Is Green. Production Just Broke.

A green build means the tests you wrote passed. It does not mean the change is safe. When AI writes more of the code, that gap is where your production incidents come from.

The four failures green CI misses The five lenses that catch them The one review that must be independent

An engineer on your team merged an AI-assisted PR on Thursday. The test suite passed, CI stayed green, the deploy went out clean. Tuesday morning, a customer found the failure that none of it caught.

If you run engineering, an AI-generated change that passed every test has probably already reached your incident channel, or it is about to. The uncomfortable part: nothing in that pipeline malfunctioned. Every gate did exactly what it was designed to do. The problem is what the gates were never designed to see.

A green build means the tests you wrote passed. It does not mean the change is safe.

The failure that was never in the test suite

One incident pattern we keep meeting, told as a composite. An agent refactors error handling on an API endpoint, and along the way a malformed request that used to return 400 starts returning 500. Every test passes, because no test ever pinned that status code.

The endpoint stays up, so monitoring stays quiet. But a partner integration treats 400 as "fix the request and stop" and 500 as "retry until it works," and by morning the retry storm is your incident. The diff that caused it was reviewed, tested, and merged by the book.

Notice what failed. Not the agent, which produced working code, and not the tests, which verified everything they were written to verify. What failed is the assumption that those two things together add up to safe.

This is not a one-team problem, and it is not a tooling problem. Engineering leaders we compare notes with describe the same pattern: more change per week, the same reviewers, and postmortems that keep tracing back to changes that merged on green.

Why AI-assisted code changes the verification calculus

When a senior engineer writes code by hand, the authorship itself is a verification pass. She weighed the edge cases while typing, noticed the odd default, hesitated over the query that might not scale. Your review pipeline, your CI thresholds, your merge habits were calibrated over years for code that arrived pre-thought-about.

An agent produces confident, clean-reading code without that pass ever happening. The engineer who prompted it "wrote" a change they never reasoned through line by line. That is not a flaw in Claude Code or Cursor; it is a property of the workflow, and your verification process has to price it in.

Three shifts that compound
  • Volume. The same reviewers now absorb far more change per week. More PRs and the same eyes means thinner attention per diff.
  • Confidence. AI-generated code reads clean. Well-named, well-structured code invites a skim, and a skim is not a review.
  • The authorship gap. The thinking that used to happen during typing never happened at all. The edge cases were never in anyone's head, so no gate downstream can assume they were handled.

We felt this on our own delivery. Our engineers use Claude Code daily and AI reviews every pull request, and the honest lesson was that the human verification bar had to move up, not down, as generation got faster.

Four ways AI-generated code fails in production after green CI

Four categories of production failure pass a green build routinely. Each one answers the same question: why did the tests say nothing?

1. Silent regressions

A sort order that was stable but never specified. A default that flipped, an event that stopped publishing, a synchronous step that quietly became async. The tests said nothing because the old behavior was observable but never pinned: it worked, so nobody wrote it down.

2. Widened attack surface

A just-added endpoint missing its authorization attribute. Tenant scoping enforced on every query except the one added last week, internal IDs leaking into a customer-facing payload, raw SQL that skipped parameterization. The tests said nothing because test suites verify what code does, and almost never what it should refuse to do.

3. Budget blowouts

An N+1 query inside a loop that a ten-row test fixture will never expose. An unbounded query over user-controlled input, a missing page limit on a list endpoint. The tests said nothing because latency problems live in production-sized data, and CI data is never production-sized.

4. Maintainability debt

The silently swallowed exception. The method named like a read that also writes, the duplicated logic that will drift apart the first time someone changes one copy and not the other. The tests said nothing because this code passes every test today; it causes the incident in month three, after the context has fallen out of everyone's head.

None of these are exotic. They are the ordinary contents of AI-assisted diffs that merged on green, and every one of them is invisible to the single question CI asks.

"Tests passed, ship it" is the anti-pattern

Most teams run one merge rule, whether or not it is written down: green CI equals safe to ship. What that rule skips is every kind of reading except the one your pipeline automates. The rule made sense when a human author had already thought each change through; it stops making sense once agents write a meaningful share of the diffs.

The fix: five lenses on the same diff

The fix is not asking a senior engineer to hand-read every AI-assisted line. At agent speed that job is impossible, and pretending otherwise is exactly how diffs start merging unread. The fix is to read the same diff several times with different questions, and to let AI do most of the reading.

This is the verification discipline we run on client codebases. It has five lenses:

The five verification lenses
  • Functional. Does the change do what was asked? This is the lens CI already runs: tests for the change pass, existing tests still pass, none were skipped or quietly deleted.
  • Regression. Did it break what worked? A hunt for silent behavior changes: flipped defaults, changed status codes, vanished events, synchronous steps gone async.
  • Security. Did it widen the attack surface? Authorization, input validation, data exposure, and injection, examined on every just-added path.
  • Budget. Does the change stay within latency and resource limits? Queries, loops, and I/O judged against production-sized data, not fixture-sized data.
  • Maintainability. Can a future human change it safely? Names that tell the truth, no swallowed exceptions, no duplication waiting to drift.

Look back at the failure taxonomy. Each of the four categories is exactly what one missing lens lets through, and the only lens most pipelines run is the first.

The regression lens is where we lean on a tool of our own. Reading a diff tells you what changed; a regression suite pins what must not, and the silent-regression category wins precisely because that behavior was never written down as a test. Our automated testing framework closes that gap: hand it the running application, and it generates the regression suite and runs it, so behavior that used to live only in production gets pinned before the next agent-written change touches it. It strengthens one lens. The other four are still reads.

Running four extra reads on every change used to be an unaffordable amount of senior-engineer time, which is why nobody did it. AI changed the economics of verification the same way it changed the economics of generation. Each lens becomes a focused AI review pass with its own instructions, a regression scout, a security reviewer, a wary maintainer, and the marginal price of one more read is one more pass, not another hire.

Your senior engineers' job changes shape instead of disappearing. They stop trying to read every line and instead triage severity-ranked findings from each lens, push back on the noise, and make the merge decision with the full picture in front of them.

One constraint you can adopt this week: at least one read of every diff must be independent. Someone, or something, has to read the change cold, with no memory of the session that produced it.

GitHub Copilot's PR review runs in a separate context from the IDE session that wrote the code, which makes it a genuinely different reader. A human reviewer given only the diff does the same job.

How deep each lens goes, the reviewer persona each one needs, and how to run all five on every PR without slowing merges down: that is next week's post. Today's takeaway is the model itself, a green build is one lens of five.

Where this argument stops

Be careful with claims that AI-generated code is inherently worse per line. That is not our argument, and our own delivery does not support it. The failure we keep seeing is organizational, output scaled and verification did not, and that failure is fixable.

Verification also is not without expense, and not every change deserves every lens. A pure CRUD change with no schema or query work can reasonably skip the latency read. Skip it explicitly and say so in the PR; the anti-pattern is ambiguity, not the skipping.

And if your delivery was unstable before AI arrived, review discipline alone will not rescue it. Small batches, working version control habits, and fast feedback loops are the foundation, and AI amplifies whichever foundation you have.

The question to ask your team this week

Pull your last five production incidents and ask one question about each: was the change that caused it blessed by a green build? Then ask the harder one: apart from the test suite, what actually read that diff before merge, and with what attention?

Your tests pin the behaviors someone thought to test. Everything else in the diff ships unexamined unless you have made verification a deliberate discipline rather than the box at the end of the pipeline. That discipline is the second half of how we run AI-assisted development on client codebases; the first half, understanding the system before the agent touches it, is a phase we have written about in why AI made coding faster but not projects faster and in the codebase archaeology most AI workflows skip.

If your team is shipping AI-assisted code and the review process has not changed since 2023, that gap is worth a conversation, whether with us or within your own leadership team.

Pressure-test your review process

Tell us how your team verifies AI-assisted changes today. We come back with a written read from our engineering team on where the gaps are, judged against the five lenses we run on client codebases.

Start the conversation

AnAr Solutions engineers AI-assisted software delivery for teams that have to answer for what reaches production. Our verification process, and the workshop that teaches it, grew out of production agentic and AI-assisted delivery work, not a slide deck.

Our Latest Blogs
Clear Filters
AI Made the Coding Faster. It Didn’t Make the Project Faster.
Software delivery timeline showing coding time shrinking while understanding and verification time stays the same.
The Codebase Archaeology Phase Most AI Workflows Skip
Robot with a magnifying glass examining legacy code, asking what the code is not telling an AI agent, for a post on the codebase archaeology phase AI workflows skip
What an AI Agent Needs to Know Before It Edits a 12-Year-Old Codebase
An AI coding agent reading a legacy codebase before editing it: the system, the change site, and the invariants
The Real Cost of an Agentic AI Pilot (It’s Not What You Think)
Senior leader at a whiteboard sketching an agentic AI workflow
What We Tell Every CTO Before They Start an Agentic AI Project
Agentic AI Readiness for CTO
Why 88% of Agentic AI Pilots Never Reach Production (And How to Be the 12%)
Why-Agentic-AI-Pilots-Fail
Why AI Coding Tools May Hurt Your Productivity and What You Can Do?
Why AI Coding Tools May Hurt Your Productivity and What You Can Do
MCP vs API: Choosing the Right Path for AI Integration
MCP-vs.-API-Choosing-the-Right-Path-for-AI-Integration
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.