
TL;DR
- A major new study of 30,000+ enterprise systems finds AI coding tools amplify existing engineering discipline — for better or worse.
- AI-generated code carries roughly twice the security risk of human-written code, and more than half contains vulnerabilities.
- One autonomous AI project built a system in a week but racked up €10–15 million in token fees and produced nearly unmaintainable code.
- The competitive advantage in the AI era belongs not to the fastest movers, but to organizations with solid architecture and governance foundations already in place.
The Study That Should Reset Every Enterprise AI Conversation
There's a particular kind of corporate optimism that surrounds AI coding tools right now. The pitch is seductive: give your developers AI assistants, watch productivity soar, ship faster, win market share. It's not wrong, exactly. It's just dangerously incomplete.
The Software Improvement Group (SIG) has published its State of Software 2026 report — arguably the most data-rich analysis of enterprise AI-assisted development to date. Drawing on more than 30,000 enterprise systems and over 400 billion lines of code, the report lands a finding that every IT leader, CTO, and board member needs to sit with: AI doesn't improve software quality on its own. It amplifies whatever engineering discipline already exists. Where governance is strong, AI accelerates delivery. Where it's weak, AI accelerates the collapse.
That's not a metaphor. The numbers bear it out in uncomfortable detail.
What the Numbers Actually Say
Let's start with security, because this is where the report pulls no punches. In SIG's own testing environment, AI-generated code showed roughly twice the security risk violations compared to human-written code. More than half of all AI-generated code examined contained vulnerabilities. And this isn't happening in a vacuum — the report's broader benchmark found that 71% of enterprise code already has a low degree of security controls, even before AI enters the picture.
The maintainability situation is equally sobering: 86% of assessed code falls below SIG's recommended maintainability rating. Half of all systems scored below the recommended architecture rating. So the baseline, for most enterprises, is already shaky. AI doesn't fix that. It builds faster on top of it.
"Technical debt silently slows down software teams. AI-powered analysis can help large .NET solutions uncover code complexity, duplicate logic, outdated dependencies, and architectural bottlenecks before they become costly problems."
— @CsharpCorner
That insight from the developer community captures an important nuance: AI can be part of the solution to technical debt — but only if it's applied analytically and deliberately, not just generatively at speed.
The €15 Million Cautionary Tale
If a single anecdote in the SIG report deserves to become an industry legend, it's this one. Autonomous AI agents were given a development task. They delivered — in a week. Impressive, right? Here's the rest of the story: the project incurred between €10 and €15 million in AI token fees, and the resulting code was described as "nearly unmaintainable."
Think about that for a moment. A week of machine-speed development. A multi-million euro bill. And a codebase that nobody wants to touch. That's not a productivity gain. That's a very expensive technical debt time bomb with a stylish bow on it.
The report identifies a reinforcing pattern here: developers generate more code to satisfy AI-driven metrics, then spend more tokens revising and correcting that output, eroding the productivity gains they set out to achieve in the first place. It's the software equivalent of digging a hole to fill a hole.
There's also a hard ceiling on gains in larger codebases. Once a project exceeds 100,000 lines of code, productivity benefits from AI effectively disappear. The reason is architectural: large language models simply cannot adequately comprehend complex software architecture at that scale. They can generate plausible-looking code. They can't understand the system it lives inside.
Token Costs Are a New Budget Line Item (And It's Surprising)
Here's something that doesn't get enough airtime in AI adoption conversations: token consumption. For a team of just 50 developers, AI token spending now averages the equivalent of nearly one additional developer's salary annually. And agentic coding tasks — where AI autonomously handles multi-step development work — can consume up to 1,000 times more tokens than standard code chat or reasoning tasks.
This is a real cost center that organizations are underestimating. The €15 million case study isn't a freak outlier; it's what happens when agentic AI is given free rein without governance guardrails.
"N-able announced new capabilities that help organizations detect and monitor employee use of AI tools across endpoints and networks — visibility into AI applications, browser extensions, APIs and developer tools."
— @EmmanuelInvest
The emergence of tools focused specifically on Shadow AI Visibility — detecting unauthorized or unmonitored AI tool usage within organizations — speaks directly to this governance gap. If enterprises can't even see what AI tools their teams are using, they certainly can't manage the quality or cost of what those tools produce.
The CEO's Take: This Isn't an Anti-AI Report
To his credit, SIG CEO Luc Brandts is careful to frame the report's findings correctly. This is not a case against AI in software development. The productivity gains are real. Organizations that refuse to engage with AI tooling risk falling behind competitors that learn to use it well.
But Brandts draws a sharp line:
"You cannot manage what you do not measure, and you cannot sustain speed on a foundation you do not understand. When code generation outruns governance, technical debt accumulates faster, security exposure widens, and the systems a business depends on become harder to maintain and evolve."
That's the thesis in a single paragraph. AI is a multiplier, not a foundation. And multipliers work in both directions.
The Enterprise AI Infrastructure Race
What's particularly interesting about this moment in the market is that the most sophisticated players are starting to understand this. Enterprises aren't just buying AI coding tools anymore — they're investing in the infrastructure layer that makes those tools governable, auditable, and strategically sound.
"Zeta Global and Palantir Technologies today announced a strategic partnership to build the enterprise AI infrastructure layer that connects operational intelligence, customer intelligence, and market intelligence."
— @DG_Invests
The race isn't just to adopt AI — it's to build the governance infrastructure that makes AI adoption durable. That's a meaningful signal about where enterprise value is actually being created right now.
What Strong Governance Actually Buys You
The SIG report isn't just a warning document. It also quantifies what good governance is worth — and the numbers are compelling.
- Stronger architecture reduces issue-resolution time by 30%
- Systems with lower code-level technical debt show up to 72% stronger security compliance
- Reducing code-level technical debt can save an estimated €870,000 in developer time per system per year
- 72% of AI systems in production currently score below SIG's recommended build-quality rating — meaning the majority of enterprises deploying AI-built systems are already carrying elevated risk
The financial case for investing in code governance before scaling AI is, frankly, overwhelming. The question is whether organizations will heed it before they've accumulated the debt that makes the lesson expensive.
The Real Differentiator in the AI Era
Here's the uncomfortable truth for enterprise IT leaders who've been told that AI adoption speed is the primary competitive variable: it's not. The SIG report makes a compelling case that the differentiator isn't which AI coding tool you adopt, or how quickly you roll it out across your development teams. It's whether your architecture standards, code governance frameworks, and measurement practices are solid before you let AI generate at scale.
For organizations across Switzerland and Europe navigating the move from AI pilots to full production deployment, this reframes the strategic question entirely. The companies that will win aren't necessarily the fastest movers. They're the ones that built the right foundation first — and are now able to use AI as a genuine accelerant rather than an accelerant for disaster.
Speed is valuable. But speed on a solid foundation is transformative. Speed on a weak one is just a faster way to arrive somewhere you didn't want to go.
The Bottom Line
The State of Software 2026 report is a landmark document precisely because it moves the AI conversation out of hype and into accountability. AI coding tools are powerful. They are also consequential. The organizations that treat governance as a prerequisite for AI adoption — not an afterthought — will find that AI genuinely delivers on its promise.
The rest will be case studies in very expensive cautionary tales.
Measure before you build. Govern before you generate. And if your foundation has cracks, know that AI won't patch them — it'll just help you build taller on top of them.
Published in Stream · Dispatch #436 · June 23, 2026 · 8 min read.
Reply to paolo@mont3.ch - every email gets a human answer within 24h.