‘Vibe coding’ and bloat risk
The ‘vibe coding’ era, in which AI agents like Claude, Codex, and Gemini act as developer copilots, is maturing, but senior engineers warn that AI agents are producing bloated, low‑value code and predict a bimodal future: handcrafted critical paths and AI‑assisted work elsewhere. Leaders are framing new review, testing, and maintenance guardrails as essential. (www.vox.com, x.com/srijanshetty/status/2035208355476537540)
The 2024 DORA report found roughly three quarters of developers now rely on AI for at least one daily responsibility (76% reported use). (services.google.com) DORA’s analysis also estimated that each 25% bump in AI adoption correlates with a 1.5% drop in throughput and a 7.2% drop in delivery stability. (devopslaunchpad.com) An Oct. 1 analysis of GitHub activity cited by industry coverage found the average developer checked in about 75% more code in 2025 than in 2022, a surge commentators link to increased AI-generated output. (darkreading.com)

Industry audits and vendor research report concrete safety problems: one survey-style analysis states up to 45% of AI-generated code samples introduce OWASP Top 10–class vulnerabilities, and practitioners observe repeated replication of insecure patterns. (developers.dev) Academic and engineering research is converging on a bifurcated future where humans own high‑risk, critical‑path architecture while AI handles scaffolding and repetitive work; MIT’s “Challenges and Paths” roadmap explicitly positions humans at high‑level design while multiple outlets document agent brittleness in production contexts. (news.mit.edu)

Product and platform teams are formalizing guardrails now: Agoda says engineers remain accountable and has implemented review gates for AI output, specialist vendors publish patterns for sandboxing, prompt‑caching and risk‑tiered review, and cloud providers like AWS extended Bedrock’s guardrails specifically for code generation. (developer-tech.com) Security vendors and platform engineers recommend operational patterns (golden paths, automated PR checks, and risk‑based approval gates) as the mechanism to funnel AI‑generated changes into auditable, maintainable surfaces rather than letting agents directly alter critical services. (snyk.io)