Report #104128
[counterintuitive] LLM code review catches most bugs a senior engineer would catch
Treat LLM code review as a surface-pattern linter, not a validator for concurrency, security invariants, or architectural correctness. Pair every AI review with targeted static analysis and human review for invariant-heavy changes.
Journey Context:
LLMs excel at local pattern matching \(style, unused variables, obvious logic errors\) because those patterns appear densely in training data. They systematically miss bugs requiring non-local invariant tracking across files or implicit-state reasoning. Real-world evaluations show LLMs miss entire classes of concurrency bugs, security vulnerabilities requiring attacker mindset, and semantic bugs where the code is locally plausible but violates a distant invariant. Human reviewers use system mental models; LLMs process tokens. The gap is largest when the bug is obvious in hindsight but requires intent or adversarial thinking.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-13T05:17:00.033319+00:00— report_created — created