AI Can’t Build Good Software By Itself. Here's Why, and What You Can Do About It.

AI Can’t Build Good Software By Itself. Here's Why, and What You Can Do About It.

Nick Chase
Nick Chase
September 30, 2025
4 mins
Audio version
0:00
0:00
https://pub-a2de9b13a9824158a989545a362ccd03.r2.dev/ai-cant-build-good-software-by-itself-heres-why-and-what-you-can-do-about-it.mp3
Table of contents
User ratingUser ratingUser ratingUser ratingUser rating
Have a project
in mind?
Let's talk
Key Take Away Summary

AI coding tools—from autocomplete to autonomous agents—are transforming the SDLC. While they excel at speeding up repetitive tasks, they lack architectural judgment. Companies that treat AI as a silver bullet risk technical debt, compliance issues, and security flaws. The real power comes when AI is paired with human oversight, strong guardrails, and a focus on long-term maintainability.

AI is changing how we write and maintain code. But without the right guardrails, AI-powered SDLC can become a “$6 haircut.” Learn where AI helps, where it fails, and how to adopt it responsibly.

“If builders built buildings the way programmers wrote programs, the first woodpecker that came along would destroy civilization.” -- Gerald Weinberg

You could be forgiven for thinking that AI-powered software development life cycle is the "Holy Grail" of software development. Too often driven by short-term financial pressures , getting AI to “write your code” (instead of paying humans) has quickly become one of the most over-hyped promises in modern software engineering. From autocompletion tools that finish your lines to full-blown copilots that generate entire applications, the allure of speed and automation is well nigh irresistible. 

But software development is not just about typing out code (you may remember, as I do, the embarrassing productivity metric of KLOC). Done right, it is about understanding the problem, making architectural tradeoffs, and building systems that scale and last.

Make no mistake: AI today can provide some pretty powerful boosts. But without guardrails, it can just as easily lead you into a spaghetti tangle of technical debt, compliance headaches, and security issues. 

The point is not whether AI can write code. The point is twofold: first, whether that code is any good, and second, whether it fits into a system that is both reliable and maintainable. 

I've spent years working across the software development lifecycle (SDLC). I'm convinced AI will play a central role in the future of how we build software, whether we like it or not (and we should). 

But I'm equally convinced most companies are doing it wrong. 

The AI-powered SDLC needs guardrails and human supervision. Let me explain why, what it does well, and how to adopt it most effectively.

Types of AI Coding Tools

We all talk about "AI coding tools" but in reality, there are several different types, and they all do different things. Broadly, they fall into a few tiers:

  • Autocomplete: This is the simplest tier. It is essentially predictive text for code, finishing common idioms and simple functions. It makes typing faster, but it doesn't understand your system or what you're trying to do.
  • Copilots: Tools like Microsoft/GitHub Copilot take this further, generating functions, tests, or boilerplate from natural-language prompts. They are more context-aware and can work within the boundaries of a file or repository.
  • Code-generation frameworks: Code-generation frameworks go beyond individual functions and can generate larger blocks of code or even entire services. They can save significant time, but the larger the output, the greater the risk of subtle errors or poor architectural fit.
  • Autonomous agents: This is the most ambitious tier, where AI attempts to plan, write, and test code with minimal human intervention. While promising in research environments, in production these tools can produce fragile results that require extensive rework, especially when not properly primed or supervised.

Understanding these levels matters. If you expect an autocomplete tool to reason about architecture, you will be disappointed. If you give an “autonomous” agent full control of your repository but don't give it any guidance, you may spend more time undoing damage than saving effort. Matching the tool to the task is essential.

Where AI Helps Today

AI is already delivering real productivity gains in areas that are well-bounded and repeatable:

  • Boilerplate generation: These tools are generally very good at generating CRUD APIs, unit tests, configuration files, and other repetitive scaffolding, saving developers time they can use for more creative work. (Note that this can include implementing the scaffolding to create an architecture defined by a developer.)
  • Refactoring and documentation: Suggesting improvements, simplifying complex code, and generating inline comments or summaries is fairly deterministic work, and these tools can excel at it.
  • Exploration:  Drafting alternative implementations or showing how a different library or API might be used can save developers the time to look up specific instructions and methods.
  • Onboarding support: Developers coming to an established codebase are rarely met with detailed documentation explaining how everything works. These tools are good at analyzing what's already been written and helping new developers understand existing code by providing contextual explanations or summaries.

In short, AI is fantastic at accelerating the grunt work of development. It allows developers to focus more on the interesting parts of problem-solving. What it does not do is replace the higher-level thinking required to ensure the system as a whole meets requirements, scales under load, and integrates smoothly with other services.

The Architectural Gap

Here is the uncomfortable truth: most AI tools do not think about architecture at all. They can generate a method, but they don't know whether that method fits into your domain model, whether it will perform under production workloads, or whether it introduces an anti-pattern that will haunt you later.

Architecture is about tradeoffs: deciding between performance and maintainability, between speed of delivery and scalability, between cost and complexity. AI can't weigh those tradeoffs when it doesn't have a model of your business, your infrastructure, or your tolerance for risk.

Semantic understanding of code is critical. A developer who looks at a new feature doesn't just think “this compiles” but “this aligns with the broader design of the system.” An AI tool usually doesn't have that holistic view. Treating it as an architectural decision-maker is asking for trouble.

Are new tools popping up seemingly every week?  Yes. Could some of them eventually be trained to understand these factors? Sure. But we're not there yet. We still need humans.

The Human Factor

Software development has always required human judgment, and it still does. Even with AI in the mix, you still need people to:

  • Interpret business requirements and translate them into architecture.
  • Balance security, performance, and usability.
  • Maintain coding standards and enforce quality through reviews.
  • Decide which shortcuts are acceptable and which will create long-term problems.

Context is everything. AI does not know your company’s coding style, regulatory environment, or strategic goals. Developers do. Which is why AI works best when paired with experienced teams that know when to accept its help and when to push back.

The Dark Side of AI Coding, and How to Do It Right

For many companies, "AI-powered SDLC" means "let the AI do all the work." Unfortunately, for many companies, this is creating a time bomb that we will see start to detonate, probably in the next 6-12 months.

It reminds me of an Office Depot commercial from about 15 years ago, where a traditional barber gets competition from "$6 HAIRCUTS" across the street.  His (very effective) solution?  A banner saying "WE FIX $6 HAIRCUTS".

For many companies, AI-powered SDLC is going to be a $6 haircut. 

It doesn't have to be. If you know how to do it right, AI-powered SDLC can be the force multiplier it's supposed to be. The key is to understand where the pitfalls are and do what's necessary to avoid them.

Here are some things to watch out for, and what to do about it.

Code Quality and Technical Debt

  • Risks: AI tools can produce brittle code with hidden dependencies and poor maintainability. Because it's centered around a narrow request, AI-generated code often experiences performance issues at scale, language-specific quirks, and difficulty integrating with legacy systems.

  • How to do it right: Keep humans in the loop with rigorous reviews, enforce coding guidelines, and use automated testing and static analysis. Basically, you want to treat AI output as a draft that developers can finish. You should also pair AI-generated code with performance benchmarks and stress testing to catch issues early.

Legal, Licensing, and Compliance

  • Risks: AI trained on GPL or other restrictive licenses may generate snippets that carry those obligations. In other words, you may wind up effectively open-sourcing your flagship software by inadvertently "incorporating" open source code that requires it. In addition, ownership of generated code remains a legal gray area. Compliance issues can also arise if sensitive data flows through AI systems without safeguards.

  • How to do it right: Work with legal teams to establish clear policies on acceptable tools, review vendor practices carefully, and implement audits for license compliance. Use governance frameworks to keep track of how and where AI-generated code is used, and wherever possible, use snippet analysis tools such as Black Duck or Fossa to identify any code that's been copied from existing projects.

Security and Trustworthiness

  • Risks: Like a child, AI behaves based on its training. That can mean it generates insecure coding patterns, vulnerabilities inherited from training data, and bias baked into generated logic. For example, AI may repeatedly generate code with outdated encryption practices.

  • How to do it right: Apply secure coding standards, run vulnerability scans, and diversify the datasets you use for fine-tuning. Always apply specialized human review for any security-sensitive functionality.

Operational and Financial Risk

  • Risks: Over-reliance on a specific tool or tools can leave you vulnerable to vendor lock-in, tool outages, inflated expectations about ROI, and misalignment with CI/CD pipelines. Many teams underestimate the hidden cost of integrating AI tools into existing workflows.

  • How to do it right: Diversify across vendors, explore open-source alternatives, and establish fallback strategies. Start with pilot programs to validate ROI before rolling out widely. Align AI with your CI/CD process by treating it like any other build dependency that needs monitoring and version control.

Organizational and Workforce Impact

  • Risks: Overreliance on AI tools can lead to disrupted team dynamics, reduced opportunities for junior developers to learn through repetition, and fears about job security. Without planning, AI adoption can create resentment or slow skill development.

  • How to do it right: Invest in training and upskilling, create mentorship models that adapt to the AI era, and be transparent with teams about the role AI will play. Position AI as a tool that elevates developer work rather than replaces it, and make sure to follow up on those promises.

Looking Ahead

The future of AI in software development is not just more autocomplete. The next step is tools that understand code semantically, can reason about architecture, and can provide insight into the impact of changes across a system. 

These tools are coming. Soon.

That shift will affect the workforce. Junior developers will need new ways to learn if AI takes over the simpler tasks that traditionally provided training. Mid-level and senior developers will need to adapt to roles that emphasize architecture, integration, and oversight. Organizations will have to think about how to structure teams when AI is doing more of the lower-level coding work.

Nick Chase
AI/ML Practice Director / Senior Director of Product Management
Nick is a developer, educator, and technology specialist with deep experience in Cloud Native Computing as well as AI and Machine Learning. Prior to joining CloudGeometry, Nick built pioneering Internet, cloud, and metaverse applications, and has helped numerous clients adopt Machine Learning applications and workflows. In his previous role at Mirantis as Director of Technical Marketing, Nick focused on educating companies on the best way to use technologies to their advantage. Nick is the former CTO of an advertising agency's Internet arm and the co-founder of a metaverse startup.
Audio version
0:00
0:00
https://pub-2f2b980a7f5442968ef42f5d8a23da5c.r2.dev/ai-cant-build-good-software-by-itself-heres-why-and-what-you-can-do-about-it.mp3
Share this article
Monthly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every month.

Get the latest news about CloudGeometry, AI Agents, GenAI, Data, Kubernetes & Application Modernization solutions in your Inbox

Join Our Newsletter and Network with 1502+ Data & AI Professionals.
Company
About Us
Leadership
Careers
Contact

Email

Our expert team is here to help
infо@сlоudgеоmetry.com

Phone

Mon–Fri from 8am to 5pm
+1 ‪(408) 444-7061‬

Office

Come say hello at our HQ
100 S Murphy Ave | Suite 200
Sunnyvale, CA 94086
CloudGeometry AWS Partner Network SaaS Factory CompetencyCloudGeometry CNCF Kubernetes Certified Service Provider
Untitled UI logotext
© 2025 CloudGeometry, All Rights Reserved. GDPR Compliance Privacy Policy