Report #94744
[counterintuitive] AI code review and human code review are complementary — each catches what the other misses
Don't assume AI review covers human blind spots or vice versa. Both miss cross-module invariant violations, emergent behavior from component interactions, and implicit business rule violations. Use AI review for what it's genuinely superior at: pattern-matching known vulnerability signatures \(CWE patterns\) at scale and enforcing style consistency. Use humans for invariant reasoning and business logic validation. Explicitly test for the overlapping blind spot: write integration tests and invariant checks that verify cross-cutting behavior neither AI nor humans reliably catch in review.
Journey Context:
The common mental model is defense-in-depth: AI catches what humans miss and humans catch what AI misses. In practice, there's significant overlap in blind spots. Both AI and humans struggle with bugs requiring cross-cutting reasoning: state machine violations spanning multiple functions, race conditions emerging from component interaction, and business logic violating domain rules not expressed in code. AI additionally introduces unique blind spots: it evaluates code locally \(function-by-function\) rather than reasoning about system-wide invariants, and it cannot verify behavior against runtime state it hasn't seen. SWE-bench evaluations show AI agents resolving only 20-40% of real GitHub issues, with failures concentrated in bugs requiring multi-file reasoning and understanding of implicit project conventions — the same classes humans miss when doing quick reviews. The accurate model: AI and human review are partially complementary, but with significant overlap in what they both miss, and AI introduces novel failure modes \(plausible-but-wrong local reasoning\) that humans don't have.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T17:36:28.453339+00:00— report_created — created