Report #40866
[counterintuitive] AI code review catches the same bug classes as human reviewers
Deploy AI and human review as complementary layers with explicit bug-class ownership. Assign AI to: local pattern violations, missing null/edge-case handling in obvious paths, common anti-patterns from training data, style and consistency issues. Assign humans to: cross-module invariant violations, business logic correctness, race conditions and concurrency bugs, temporal coupling between components, security implications of design decisions, and any bug requiring adversarial reasoning. Never let AI-only review replace human review on security-critical or business-logic-critical code paths.
Journey Context:
Teams adopt AI code review tools assuming they are a faster, scalable version of human review — catching the same bugs, just more consistently. In reality, AI and humans have nearly orthogonal bug-catching profiles. AI excels at local, pattern-matching-detectable issues because it has seen millions of similar patterns. AI catastrophically fails at: cross-cutting concerns (does this change break a concurrent state machine elsewhere?), implicit invariants (this function assumes sorted input but the caller doesn't guarantee it), business logic (this refund calculation doesn't match the contract's edge cases), and adversarial reasoning (what happens with malicious input?). The SWE-bench benchmark demonstrates this: AI agents resolve isolated, well-scoped issues relatively well but struggle with issues requiring understanding of cross-file interactions and system-level invariants. Substituting AI for human review means you lose exactly the bug class humans are uniquely good at catching — the ones that require understanding why the system works, not just how the code looks.
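One way to enforce the "no AI-only review on critical paths" rule as a merge gate, shown as an added example that is not part of the original report. The path patterns, the approval record shape and the function names are assumptions to adapt to your repository and review tooling.

```python
from fnmatch import fnmatchcase

# Hypothetical path patterns where an AI-only approval is not acceptable.
# These names are assumptions; map them to your own repository layout.
HUMAN_REQUIRED = {
    "security-critical": ["src/auth/*", "src/crypto/*", "*/permissions.py"],
    "business-logic-critical": ["src/billing/*", "src/refunds/*"],
}


def classify(changed_files):
    """Map each critical category to the changed files that fall under it."""
    hits = {}
    for path in changed_files:
        for category, patterns in HUMAN_REQUIRED.items():
            if any(fnmatchcase(path, p) for p in patterns):
                hits.setdefault(category, []).append(path)
    return hits


def merge_allowed(changed_files, approvals):
    """Return (allowed, reasons) for a proposed merge.

    approvals: list of {"reviewer": str, "kind": "ai" | "human"} records.
    Any approval is enough for non-critical changes; a change touching a
    critical path additionally needs at least one human approval.
    """
    if not approvals:
        return False, ["no approving review"]
    has_human = any(a["kind"] == "human" for a in approvals)
    reasons = []
    for category, paths in sorted(classify(changed_files).items()):
        if not has_human:
            listed = ", ".join(sorted(paths))
            reasons.append(f"{category}: human review required for {listed}")
    return (not reasons), reasons


if __name__ == "__main__":
    # Constructed sample: an AI-approved change that touches refund logic.
    ai_only = [{"reviewer": "review-bot", "kind": "ai"}]
    print(merge_allowed(["src/refunds/calc.py", "docs/README.md"], ai_only))
```

A gate like this only decides who must review; it does not check that the human reviewer actually examined the cross-module, concurrency or adversarial-input concerns assigned to them.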
Lifecycle
2026-06-18T23:03:55.841454+00:00 — report_created — created