New! Cross-repo review, mined rules, and skill governance
→ See it in action
Log in
Log in
Log in
Book a Demo
Get Started
881.7K 637.4K 11.7K

AI Gave Teams Velocity. The Governance Harness Comes Next.

Itamar Friedman

Written by Itamar Friedman

Jun 23, 2026
4 min read

Every high-speed system eventually gets a safety layer. The aircraft got air traffic control. The automobile got the seatbelt once the consequences of operating without one at speed became obvious.

Engineering is no different. AI has given development teams velocity with agents across the SDLC. The next wave is building the new safety harness to protect production code quality and govern AI code.

The Old Quality Model

For 20 years, code quality meant roughly the same thing: PR review done by senior engineers. Documented standards in wikis. Linters and test coverage. The system wasn’t perfect, but it matched the pace of development: one developer, one PR, one reviewer who understood the codebase. You could hold quality in your head.

AI-native teams don’t look like this. Planning agents draft specs, while coding agents generate and refactor. Deployment pipelines run autonomously. Standards still live in senior engineers’ heads and rules exist, but they drift. Agents review code, but they operate on whatever context they’re given, which is rarely the full picture. Agent skills encode how teams want AI to build software but with no visibility, no analytics, no enforcement.

The infrastructure that used to hold quality in place was designed for a slower, human-authored SDLC.

The Cost of AI Velocity

That gap shows up in the data. The Faros AI Engineering Report 2026 tracked two years of telemetry across 22,000 developers and 4,000 teams. Incidents per PR are up 242%. Median time in code review is up 441%. Bugs per developer are up 54%. AI velocity is real. But so is what’s accumulating behind it.

The most important finding was not that quality metrics worsened. It was that mature engineering organizations deteriorated at roughly the same rate as everyone else. Same incident rates, same review burden, same bug growth.

For decades, engineering maturity created leverage. Strong processes, disciplined review practices, clear ownership structures, and institutional knowledge produced better outcomes. The maturity advantage disappears at AI scale.

The consequences aren’t limited to code quality.

Large organizations are discovering a second-order effect of AI-native development: the economics become difficult to predict. Uber, for example, burned through its entire AI budget in four months. Many observers interpret this as a cost problem. I think it is better understood as a  governance problem. Runaway spending is often the first visible symptom.

Traditional software purchasing was predictable. Organizations bought seats, assigned licenses, and forecast spend. Agentic systems behave differently. A single task can trigger planning, retrieval, code generation, review, testing, remediation, and follow-up actions across multiple models and systems. The cost is dynamic, distributed, and often invisible until it accumulates.

The underlying issue is the absence of controls governing when agents operate, what resources they can access, what models they can use, what actions they can take, and what conditions should stop them. A coding agent without governance is not just a quality risk. It’s an open-ended execution loop with production and financial impact.

Caution Is Not a Scalable Strategy

If process and discipline were sufficient, disciplined organizations would be protected. They’re not. The tools built for human-paced development fail under AI-speed volume regardless of how carefully they were run before. More processes won’t fix a missing layer of infrastructure.

So teams reach for the only tool available: caution. Start with small agents. Limit scope. Keep humans in the loop at every step. And those are reasonable instincts. But “start small” is advice you give when there’s no safety harness yet. It doesn’t generalize to a hundred agents running across a hundred repos. It’s telling people to be careful instead of building the system that makes the work safe and works at scale.

The Governance Harness for AI Coding

At Qodo, we’ve watched this play out across hundreds of engineering teams. The ones making the most progress aren’t the ones with the most agents. They’re the ones that started treating governance as infrastructure. One team that got there after a bug made it to production, despite review processes already in place, was HiBob. A change broke one of their mobile app’s most-used flows. The bug wasn’t missed for lack of review. It was flagged in the original PR. The human reviewers overlooked it, the code shipped, and the fix sat in app store review for ten days. That was enough to change how the team thought about governance

In traditional software engineering, quality was structural. Staging environments, deployment gates, test runners, linters. None of these were individual choices each developer made. They were infrastructure. The harness was the pipeline itself.

Today, as agents take on more of the SDLC, organizations need a new kind of infrastructure that governs how agents operate: when they should run, what resources they can access, what models and workflows they are allowed to use, what should be logged and reviewed, and what conditions should stop execution. Standards can’t live only in wikis. Review can’t stop at the boundaries of a single pull request. Skills and workflows can’t remain invisible and unmanaged.

Cursor put it plainly in a recent blog: “a great cloud agent experience requires a durable execution platform, a powerful harness, and tools to give agents realistic development environments.”

Governance Is the Moat

We’re at the beginning of building the equivalent layer for AI-velocity code. The question that will define the next five years: which organizations built the infrastructure to govern what AI produces, and which ones didn’t?

I’ve watched this pattern play out before. Teams that invested early in test culture had a structural advantage over those that tried to bolt it on at 200 engineers. Teams that standardized on code review before scaling had better outcomes than those that treated it as optional until it wasn’t. Infrastructure decisions made when the stakes feel low determine your options when they don’t.

The governance harness is that decision now. At Qodo, we’ve spent years building toward it: not because governance is the cautious choice, but because it’s the foundation that makes everything else compound. Organizations that treat this as infrastructure rather than process will look back at this period as when the gap opened. The others will spend years trying to close it.

About the author
Itamar Friedman
Itamar Friedman

CEO and Co-founder @ Qodo

“Time is Brain”

Get started with Qodo for AI Code Review

Get Started
Share this post

More from our blog

Check out our musings on generative AI, code integrity, and other geeky stuff:

GENERAL
7 min read

New Features: Qodo v2.4 and the next layer of code quality governance

Nastasha Casale
Nastasha Casale
Jun 23.2026
GENERAL
2 min read

Introducing the Super Qodoers Ambassador Program

Dana Fine
Dana Fine
Jun 17.2026
Dark illustration of a central platform connected to five floating question mark boxes, representing SonarQube alternatives
CODE REVIEWS,
22 min read

Top 5 SonarQube Alternatives in 2026

Nnenna Ndukwe
Nnenna Ndukwe
Jun 17.2026
Browse all posts