GitLab's AI Accountability Report highlights a widening control gap around AI-generated code as Harris Poll suggests that AI coding adoption has moved beyond experimentation and into core development workflows—while the governance structures needed to manage associated risks have not kept pace.
According to the report, 80% of respondents say their organisations adopted AI coding tools faster than they developed policies to govern them. That mismatch is echoed in the governance outcomes: 92% report challenges related to managing AI-generated code.
GitLab frames “AI accountability” as an organisation’s and its platform’s ability to answer three practical questions about any line of AI-generated code: where it came from, what it was meant to do, and who is responsible once it reaches production. On current evidence, most organisations cannot answer those questions reliably today.
The survey also points to a broader behavioural shift. While 91% of organisations report using two or more AI coding tools (and 54% use three or more), developers are increasingly writing and committing code more quickly.
Some 78% report faster code output after adopting AI tools, and 60% say AI coding return on investment has exceeded expectations. However, speed appears to be outpacing oversight. Forty-three per cent of respondents say they cannot reliably distinguish AI-generated code from human-written code within their own codebases—a problem that becomes more acute as AI-generated code accumulation grows over time.
This concern is not merely operational. Many respondents link AI coding to maintainability and future risk: 73% are concerned about maintainability of AI-generated code, and 82% believe it risks creating a new form of technical debt that organisations are not prepared to manage. GitLab describes this as an “AI Paradox”, where developer productivity improves but the overall software delivery process does not accelerate at the same pace.
Control and traceability remain central barriers. Although 87% of respondents are confident they could determine within 24 hours whether AI-generated code contributed to a production incident, 34% of organisations that experienced an incident in the past year could not actually make that determination. Structural gaps drive the failure: 43% cite difficulty distinguishing AI-generated from human-written code, while 40% point to fragmented toolchains and 39% to systems that do not track code origin.
The report concludes that governance is the missing layer. It adds that only 28% say software development lifecycle tools are fully integrated with shared data and workflows. Investment intent is rising: 91% expect to invest in AI code governance tools within 12 months, and 98% have allocated or plan to allocate budget.
“AI coding tools have delivered on their promise of speed. But the events of the past few months, including supply chain attacks, reliability issues, and regulators tightening expectations around AI traceability and provenance are making clear that speed without control is a liability, not an advantage,” said Manav Khurana, chief product and marketing officer at GitLab. “The teams thinking ahead are already asking the harder question: can we actually control all the code we’re generating?”
