STOCK TITAN

GitLab Research Reveals Organizations Are Generating AI Code Faster Than They Can Control It


Key Terms

DevSecOps (technical)
DevSecOps is the practice of building security checks into the whole software creation and delivery process instead of treating security as a separate step at the end. For investors, it matters because products that find and fix vulnerabilities earlier tend to ship faster, cost less to maintain, and carry lower risk of damaging breaches or regulatory fines — much like installing quality and safety checks on a car while it’s being assembled rather than after it leaves the factory.
Agentic AI (technical)
Agentic AI refers to computer systems that can make their own decisions and take actions without needing someone to tell them what to do each time. It's like giving a robot a degree of independence to solve problems or achieve goals on its own, which matters because it could change how we work and interact with technology in everyday life.
Technical debt (technical)
Technical debt is the extra work and cost a company incurs when it chooses quick, imperfect software or system fixes instead of doing a more thorough job now. Like patching a leaky roof instead of replacing it, those shortcuts can slow product development, raise maintenance bills, increase outage and security risk, and reduce a company’s ability to grow—factors investors watch because they can lower profits and company value over time.
Software development lifecycle (technical)
A software development lifecycle is the organized sequence of stages a company follows to plan, design, build, test, deploy and maintain a software product—think of it as the blueprint and construction schedule for a house, carried through to regular upkeep. Investors care because a clear, disciplined lifecycle reduces technical and delivery risk, controls development costs, speeds time‑to‑market and improves reliability and security, all of which influence revenue, regulatory exposure and long‑term value.
Supply chain attacks (technical)
A supply chain attack is when criminals compromise a company’s suppliers, partners, or third-party software to gain access to that company’s systems or products — like slipping a fake ingredient into a recipe so every dish is affected. Investors should care because these breaches can halt operations, force costly fixes, trigger regulatory penalties, and erode customer trust, any of which can reduce revenue and hurt a company’s stock value.

New survey of 1,528 developers and technology buyers shows 80% say their organization adopted AI tools faster than it developed policies to govern them, and 92% report governance challenges with AI-generated code

SAN FRANCISCO--(BUSINESS WIRE)-- ALL REMOTE — GitLab Inc., the intelligent orchestration platform for DevSecOps, today released its AI Accountability Report. Conducted by The Harris Poll, the survey of 1,528 developers and technology buyers across six countries finds that as AI coding tools become standard infrastructure, the conversation is shifting from how fast teams can generate code to whether they can actually control what they are shipping.

The report defines AI accountability as the organizational and technical capability to answer three questions about any line of AI-generated code: where did it come from, what was it meant to do, and who is responsible for it once it's in production? Most organizations cannot answer those questions today.

AI coding adoption and ROI are strong. 91% of organizations have two or more AI coding tools in active use and 78% report that developers are writing and committing code faster since adopting AI tools. But speed is running ahead of control, with 43% of respondents reporting that they cannot reliably distinguish AI-generated code from human-written code in their own codebase. This comes with a forward-looking concern. 73% of respondents are concerned about the maintainability of AI-generated code in their organization's codebase, and 82% say it risks creating a new form of technical debt their organization is not yet prepared to manage.

Key findings:

Agentic AI delivering speed and control is the next frontier

  • 91% of organizations have two or more AI coding tools in active use; 54% have three or more
  • 60% say AI coding ROI has exceeded expectations; 78% report faster code output; 73% say overall code quality has improved
  • 79% agree that individual developer productivity has improved with AI, but the overall software delivery process has not accelerated at the same pace. This is defined as the “AI Paradox”
  • 82% say AI-generated code risks creating a new form of technical debt organizations are not prepared to manage
  • 85% agree AI has shifted the bottleneck from writing code to reviewing and validating it
  • 84% agree the biggest challenge with AI-generated code is governing what happens to it after it's created

Traceability gaps leave organizations exposed

  • 87% are confident their team could determine within 24 hours whether AI-generated code contributed to a production incident, yet 34% of organizations that experienced an incident in the past year could not actually make that determination
  • The top barriers to control and traceability are structural: difficulty distinguishing AI-generated from human-written code (43%), fragmented toolchains (40%), and systems that don't track code origin (39%)
  • Only 28% say their software development lifecycle tools are fully integrated with shared data and workflows

Governance is the missing layer

  • 92% report some form of governance challenge with AI-generated code
  • 80% agree their organization adopted AI tools faster than it developed policies to govern them
  • 83% of organizations identify AI-generated code accumulation as a risk to manage now, with 44% calling it a top technology risk
  • 91% are likely to invest in AI code governance tools in the next 12 months; 98% have already allocated or expect to allocate budget
  • 85% agree the next phase of AI in software will focus less on generating code and more on governing it

"AI coding tools have delivered on their promise of speed. But the events of the past few months, including supply chain attacks, reliability issues, and regulators tightening expectations around AI traceability and provenance, are making clear that speed without control is a liability, not an advantage," said Manav Khurana, Chief Product and Marketing Officer at GitLab. "The teams thinking ahead are already asking the harder question: can we actually control all the code we’re generating? The organizations that will ship trusted software faster are the ones building the foundations of accountability with context, traceability, and governance baked into the platform, not just bolted on after the fact."

About GitLab

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and approximately 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.

*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab.

Media Contact
GitLab
press@gitlab.com

Source: GitLab Inc.