Actual AI Logo
Actual AI
Open menu
Back to Blog
The Rise and Fall of Code Review
AI DevelopmentCode ReviewDeveloper Productivity

The Rise and Fall of Code Review

John Kennedy
3/14/2026
9 min read

For decades, code review was a footnote in the development process. Developers wrote code, maybe a colleague glanced at a pull request, and it shipped. Studies consistently showed that engineers spent less than 5% of their working time reviewing other people's code. It was important in theory, neglected in practice.

Then AI changed everything, twice.

Phase 1: The Before Times

Before GitHub Copilot launched in 2022, code review was something most developers did reluctantly. The typical workflow was: write code, open a PR, tag a reviewer, wait. The reviewer would skim the diff, leave a "LGTM," and approve. A 2018 study at Google found that developers spent roughly 3 hours per week on code review. Microsoft Research reported about 6 hours per week, around 15% of a 40-hour week, and notably found that code reviews rarely caught the functional bugs that should actually block a submission. Either way, review was a modest slice of the job, and not an especially effective one.

The reasons were straightforward. Developers wrote their own code. They understood the context. Reviews were a formality for most changes and a genuine checkpoint only for large architectural decisions. The bottleneck was always writing, never reviewing.

Phase 2: The AI Review Explosion

When AI code generation tools arrived, something unexpected happened. Developers started generating code faster than ever, but they didn't trust it. And they shouldn't have.

Early AI-generated code was syntactically correct but semantically suspicious. It compiled. It ran. But it also introduced subtle bugs, ignored edge cases, used deprecated APIs, and occasionally hallucinated entire libraries that didn't exist. Developers found themselves spending more time reading AI output than they would have spent writing the code themselves.

The math was brutal. If you could generate a feature in 10 minutes that would have taken 2 hours to write, but then spent 45 minutes reviewing, debugging, and fixing the AI's output, you saved time. But your ratio of review-to-write flipped completely. Suddenly, code review wasn't 5% of the job. It was 20%. Then 30%. For some developers, it approached 50%.

We started tracking this shift in our developer surveys. In our December 2024 survey, we asked developers: "On a typical day, how much of your coding time is spent reading/reviewing code?" The results showed the shift was already underway, with significant numbers of developers reporting 20% or more of their time spent reviewing.

We repeated this question across January surveys, February, and March 2025. Each time, the data told the same story: developers were drowning in review.

Phase 3: The Tooling Catches Up

Two things happened simultaneously to bring the parabola back down.

AI code generation got better. The models improved. Context windows expanded. Agentic workflows meant AI could run tests, check types, and validate its own output before presenting it to a developer. The quality floor rose dramatically. You could trust the output more because it had already been through a layer of automated self-review.

Automated code review tools arrived. Tools like Greptile, CodeRabbit, Graphite, and Claude Code Review could analyze AI-generated code for security vulnerabilities, performance issues, best practice, and style consistency, removing the need for humans to catch the mechanical stuff. The tedious, exhausting part of review, checking for null pointer exceptions, verifying error handling, confirming API contracts, got automated away.

The combination was powerful. Better generation meant fewer bugs to catch. Better review tools meant the bugs that remained got caught automatically. Human review returned to what it always should have been: a check on architectural decisions, business logic correctness, and system-level concerns.

Phase 3.5: The Disappearing Review

Now we're seeing something that would have been unthinkable two years ago. Top developers are barely reviewing their code at all.

This isn't carelessness. It's a rational response to a changed environment, and the key enabler is test coverage. Teams that have embraced test-driven development with near-100% coverage have effectively replaced human review with automated verification. When your AI coding agent writes the code, runs a comprehensive test suite, passes type checking, validates against architectural rules, gets reviewed by an automated code review tool, and deploys through a staged rollout with automatic rollback, what exactly is a human reviewer adding?

The answer, increasingly, is: not much.

The reason tests matter so much in this new world is that agent loops are dramatically more effective when they have access to test results. An AI agent that can run tests, see failures, and iterate until they pass is self-correcting in a way that no amount of human review can match for speed. Write the tests first, let the agent write the implementation, and the tests become the reviewer. The feedback loop is measured in seconds, not hours waiting for a colleague to look at your PR.

The developers who have fully embraced agentic workflows describe a process where they define what needs to be built, write the tests that specify correct behavior, and let the AI build until the tests pass. They intervene when something novel happens, when a genuinely new architectural pattern is needed, or when business requirements are ambiguous. But for the 80% of development work that's well-understood feature building, bug fixing, and incremental improvement? The human review step has evaporated.

What Our Data Shows

Our five survey snapshots from December 2024 through March 2025 capture the right side of the parabola. Across all five surveys, we asked developers the same question about how much time they spend reviewing code:

The trend line across these snapshots mirrors what we hear in conversations with engineering teams: review time is dropping fast, and the developers who still spend significant time reviewing are often the ones who haven't adopted automated review tooling.

What This Means for Teams

The implications are significant for how engineering organizations structure their work.

Code review as a role is disappearing

If review is automated, you don't need senior engineers spending their mornings going through PRs. That time gets redirected to architecture, mentoring, and system design.

Test coverage is the new code review

The teams that have eliminated code review didn't just throw caution to the wind. They invested heavily in test-driven development and near-100% test coverage. Tests are the specification that both humans and AI agents can verify against. When an agent loop can run your full test suite in seconds and iterate until everything passes, comprehensive tests become a more reliable quality gate than any human reviewer. If your team still relies on code review to catch bugs, the real problem is insufficient test coverage.

Quality gates are shifting left

Instead of catching problems in review, teams are catching them in specification and tests. If the spec is right, the tests encode it correctly, and the AI passes them all, the code is right. Review becomes spec review and test review, both of which happen before any implementation code is generated.

The skills that matter are changing

Reading code was a core developer skill. It still matters, but it matters less than writing good tests, reading requirements, reading system behavior, and reading production metrics. The developers who thrive aren't the ones who can spot a bug in a diff. They're the ones who can write the test that catches the bug before it's ever written.

The SOC 2 Problem

There's one force pushing back against the disappearing review: compliance. SOC 2 Type II controls typically require that code changes are reviewed by someone other than the author before deployment. For teams subject to these audits, eliminating code review entirely isn't an option yet.

In practice, what we're seeing is a split workflow. The AI code review tools do the heavy lifting, catching security issues, flagging best practice violations, and verifying test coverage. A human reviewer then skims the PR, confirms the automated checks passed, and approves. The review takes 30 seconds instead of 30 minutes. The human is taking responsibility, not doing the analysis.

Some teams are already working with their auditors to document AI review tools as part of their control narrative, listing automated code review, test coverage gates, and static analysis as the verification layer, with human approval as the sign-off. Early indications suggest auditors are receptive when the automated controls are well-documented and consistently applied.

We expect the SOC 2 specification to evolve. The intent of the control was always to prevent a single developer from shipping unchecked code, not to mandate that a human eyeball every line. As automated review tools mature and audit firms build comfort with AI-verified workflows, the requirement will likely shift from "a second human reviewed this" to "an independent verification process validated this." Until then, the pragmatic approach is human-in-the-loop approval backed by comprehensive automated review.

The Uncomfortable Implication

If top developers aren't reviewing their code, what does that mean for code quality? Counterintuitively, it might mean quality is going up. Human code review was never that reliable. Studies consistently showed that manual review caught only 15-30% of defects. Automated tools catch more, faster, and without the cognitive fatigue that makes a reviewer rubber-stamp the fourth PR of the morning.

The parabola isn't just a curiosity. It's the shape of a profession being restructured around AI. We went from not reviewing because we trusted ourselves, to reviewing frantically because we didn't trust AI, to not reviewing because we built systems that made trust unnecessary.

The code review era was shorter than anyone expected.

Building AI-powered development teams? Actual AI helps engineering leaders implement spec-driven workflows, automated quality gates, and agentic development processes that scale.

More Articles

AI DevelopmentEngineering Management

Estimated Developer Minutes: A Simple Way to Measure What AI Actually Produces

Estimated Developer Minutes (EDM) asks one question: how long would a human developer take to write this code? Inspired by Stanford research, it's how Actual AI measures real AI productivity.

3/17/20263 min read
AI DevelopmentEngineering Management

From Vibe-Coding to Specs: How Junior Developers Are Finding Their Place in AI Teams

AWS Kiro and spec-driven development are reshaping how junior developers contribute to AI-enabled software teams, moving beyond the senior developer advantage.

12/17/20257 min read