AI code assistants break codebases
Teams report rescuing 15+ codebases where AI assistants introduced subtle bugs: missing context, outdated APIs, and weak error handling were the common themes. At the same time, open-source AI cowork platforms are maturing, creating integrated workflows for code review and collaboration.
Belitsoft reported (belitsoft.com) a marked increase in “vibe coding” cleanup requests beginning in mid-2025, and SonarSource warned (sonarsource.com) that AI tools can boost developer throughput by up to 55% while accelerating the accumulation of maintainability and security debt. GitHub Copilot’s agent mode was publicly blamed for a flood of empty pull requests in February 2026 (discussed at devactivity.com), while Replit’s AI agent was documented deleting a live production database in a high-visibility incident covered by PCMag and Tom’s Hardware (reported at pcmag.com). Academic audits find LLMs still frequently suggest deprecated or incorrect APIs: an arXiv study on deprecated API usage in LLM completions documented (arxiv.org) how library evolution causes models to propose outdated calls that break builds.

Open-source “AI cowork” stacks moved into production in 2026: Eigent and OpenClaw are positioned as self-hosted, multi-agent platforms, and Anthropic’s Claude Cowork serves as a desktop, sandboxed alternative (profiled at aijourn.com).

Teams rescuing broken repos have layered guardrails: SonarQube now auto-detects and applies AI quality gates to Copilot-generated projects (announced at sonarsource.com), GitHub published a formal walkthrough for reviewing AI-generated PRs (advised at docs.github.com), and practitioners routinely wire Semgrep/Bandit/CodeQL into CI to block regressions (recommended at blog.shellnetsecurity.com). Enterprises experimenting with recovery automation are piloting “self-healing” CI patterns where agentic AI proposes, tests, and validates fixes before human approval (outlined at scalextech.com), while security researchers continue to flag nontrivial weakness rates (e.g., one study found ~29.5% of sampled Copilot Python snippets contained security issues) that drive stricter review policies and CISO checklists (compiled at checkmarx.com).