A CodeRabbit analysis of 470 GitHub repositories found that AI-generated pull requests average nearly 11 issues each—roughly 1.8 times the defect rate in human-authored submissions. Between December 2025 and early 2026, production incidents per pull request rose 23.5%. If your review process has not changed since your team adopted AI coding agents, those two data points warrant attention. The code is shipping faster. The risk per merge is higher. And most PR workflows were built for a world where every line of diff had a human author.
The Defect Profile Is Different, Not Just Larger
Volume is part of the problem, but the type of defect matters more. A formal verification study published in April 2026—Broken by Default—examined AI coding assistants generating production code in security-sensitive domains and found exploitable vulnerabilities at rates that conventional static analysis does not reliably surface. SAST tools are tuned for the patterns that characterize human-written bugs. They miss the class of defects AI tools introduce at higher rates.
Veracode's 2025 GenAI Code Security analysis puts the overall vulnerability rate at 2.74 times higher than human-written equivalents. The specific categories tell the story: insecure object reference rates climbing 91%, cross-site scripting vulnerabilities nearly tripling, insecure deserialization rising 82%. These are not random noise. They reflect failure modes that emerge when a model trained on a broad corpus generates code that compiles, passes tests, and looks correct in a quick visual scan.
Research from arXiv published in April 2026 (From Industry Claims to Empirical Reality) documents that autonomous coding agents have been generating code at unprecedented scale—one major agent produced over 400,000 pull requests within two months. At that volume, the assumption that standard review catches what matters breaks down arithmetically.
The Reviewer Attention Problem
Scale is only half the problem. The other half is how reviewers actually behave under AI-generated PR load. A parallel study from April 2026 tracked how agent-authored PRs are handled in practice: reviewers frequently apply lighter scrutiny to AI-generated submissions, operating under the implicit assumption that the agent's output has already been validated. That assumption is wrong. Agents apply training distributions, not governance rules. There is no automatic enforcement of your organization's security policy in the generation step—only in what you put between generation and merge.
A senior engineer reviewing five PRs a day has a manageable cognitive load. Reviewing fifty—where thirty were written by an autonomous coding agent overnight—does not, particularly when the defect patterns are subtle and context-dependent. The reviewers most capable of catching dangerous cases are also the most likely to be rationing attention across a queue that has multiplied in size.
What Changes at the Process Level
Five changes worth making before your next sprint:
Add author-type metadata to your PR template. Tag every submission as human, AI-assisted, or agent-generated. You cannot govern what you cannot distinguish.
Route agent-authored PRs through a separate review checklist. Cover the OWASP categories AI tools most commonly miss: broken object-level authorization, injection, insecure deserialization, and security misconfiguration.
Track production incident rate by author type. Most teams lack this baseline. Without it, you are making governance decisions without knowing whether AI-generated code is causing disproportionate post-merge incidents.
Set merge rules by risk tier, not just author. An agent-generated change to a utility file is lower risk than an agent-generated change touching authentication logic. File sensitivity and change scope should influence merge requirements.
Automate the risk signal. Manual checklists degrade under volume. The goal is a consistent, computed risk score in front of the reviewer before they open the diff—not additional steps that get skipped when the queue is long.
The common thread is that you need an explicit governance layer between AI generation and production merge. Most teams currently have none: the agent generates, the pipeline runs, and a human reviews without knowing which submissions carry elevated risk. That sequence worked when humans wrote the code. It is not sufficient when an agent wrote a third of it overnight. Re-entry.ai scores every pull request for security and compliance risk before it reaches a human reviewer—automatically flagging the submissions that warrant deeper scrutiny and clearing the ones that do not, so engineering teams can maintain velocity without losing control of what ships.