hello@krischase.com
Back to Blog
AI & AutomationAIAutomationEngineeringLeadershipCursorAI

AI Writes 46% of Code Now. Only 29% of Devs Trust What Ships.

Cursor 3 just launched agent fleets. Adoption is at an all-time high. So why does nearly three-quarters of the dev world not trust what AI actually ships to production?

5 min read
900 words
AI Writes 46% of Code Now. Only 29% of Devs Trust What Ships.

AI Writes 46% of Code Now. Only 29% of Devs Trust What Ships.

Cursor 3 dropped this week with parallel agent fleets, self-improving code review, and 78% PR issue resolution. AI now writes nearly half the code at companies using these tools. And yet a new survey shows only 29% of developers trust AI-generated code enough to ship it without heavy review.

That gap — between adoption and trust — is where engineering orgs are quietly bleeding time.

Speed Was Never the Bottleneck

Most CTO conversations about AI right now go like this: "We need to move faster. Let's get the team on Cursor." And within a week, velocity metrics look great. Lines of code up. PR volume up. Standups faster.

Then a production incident happens. Something the AI wrote confidently, that passed review, that nobody fully understood. And now the team spends three days debugging code that was generated in three minutes.

This is the adoption-trust gap. And it compounds.

Devs who don't trust AI output review everything twice. The time you saved generating code, you spend verifying it. Worse, the developers who do trust it blindly are shipping bugs at a rate 41% higher than their pre-AI baseline — that's the finding from Karpathy's recent analysis that quietly killed the "vibe coding" narrative.

The real constraint isn't speed. It's verification.

What CTOs Are Getting Wrong

Here's the failure pattern I see across engineering orgs right now:

  1. Adoption without a trust framework. Teams get Cursor licenses. Nobody defines what AI-generated code needs before it ships. Every dev makes up their own rules.
  2. Speed metrics without quality metrics. PRs per week goes up. MTTR and defect rate aren't tracked. The feedback loop that would catch the problem doesn't exist.
  3. No skill files or prompt standards. Each dev prompts differently. You get wildly inconsistent output quality across the same codebase.

Cursor 3's self-improving code review agent is a genuine step toward fixing this — it learns from your PR history and catches issues before merge. But it only works if your PR process has signal to learn from.

The Fix: A Verification Layer, Not More Speed

Here's the framework I use when an engineering org asks me to help them close the trust gap:

Step 1: Define your AI trust tiers

Not all code is equal risk. Map your codebase into three tiers:

  • Tier 1 (ship freely): Tests, scripts, boilerplate, internal tooling. Low blast radius.
  • Tier 2 (review required): API endpoints, data transformations, auth flows. Senior eyes on every AI-generated PR.
  • Tier 3 (AI assists only): Payments, security, compliance. AI suggests, human writes.

Most teams treat all code the same. This simple split cuts review overhead by ~60% because Tier 1 is 70% of the volume.

Step 2: Standardize prompt inputs with skill files

The variance in AI output quality isn't the model's fault — it's the prompts. Here's the skill file structure I drop into every Cursor project:

# .cursor/rules/api-endpoint.md

## When creating or modifying API endpoints:
- Always include input validation with Zod schema
- Return typed responses — no `any`, no untyped objects
- Add error handling for every external call (DB, 3rd party API)
- Include a JSDoc comment block with params, return type, and one example
- Log errors with structured context (userId, requestId, endpoint)
- Never expose internal error messages to clients

## Required tests for every endpoint:
- Happy path
- Invalid input (400)
- Unauthorized (401/403)
- Service failure (500)

When every dev uses the same rules file, AI output becomes predictable. Your code reviewer knows what to check for. Your trust scores go up.

Step 3: Build the feedback loop

This is what most teams skip. Track AI-generated PRs separately. Tag them. Measure:

  • Defect rate vs. non-AI PRs
  • Revert rate
  • Review cycle time

Within 30 days, you'll know which types of AI-generated code are safe to ship faster. Which categories still need heavy review. Which devs are using AI well vs. creating cleanup work.

Cursor 3's self-learning review agent accelerates this — but you still need the data infrastructure to tell it what good looks like in your codebase.

The Real Opportunity

The trust gap isn't a blocker. It's a competitive advantage hiding in plain sight.

Every engineering org is running the same race right now: get AI tooling, watch velocity spike, wonder why quality isn't keeping up. The teams that solve verification first will pull ahead — not because they're writing more code, but because they're shipping better code faster with less rework.

I've seen this across the companies I work with. The ones that built a trust framework before scaling AI usage are compounding their productivity gains. The ones that skipped it are spending it on incident response.

27 years of watching tools come and go: the technology is rarely the problem. The process around the technology is always the problem.

Work With Me

I help engineering orgs adopt AI across their teams — not just in the code, but in how product, support, and ops work too. If you want to move faster without growing headcount, let's talk.

Kris Chase

@krisrchase
Share:
XLinkedInFacebookRedditBluesky
Executive Tools