back to reflections

Not Reading Code Is Not a Flex

Some developers brag about never reading AI-generated code. That is not progress. It is a role that can no longer justify itself. The human plus LLM combination is the real differentiator, not blind delegation.
Petko D. Petkovon a break from CISO duties, building cbk.ai

"I don't read the code anymore. I just tell agents to write reports about it." is the new brag circulating in developer circles. Architecture overview, sure. Tests, maybe. But the actual code? Apparently that's beneath the modern developer now.

If this is really how you work, you should be updating your resume, not bragging on social media.

If you are not reviewing the code that ships into your systems, what exactly is your job? You are not writing it. You are not reading it. You are consuming a filtered, lossy summary of what was actually produced. That is not engineering. And if your position requires neither writing nor reading code, it is a position that can hardly be justified when someone eventually asks what you do all day.

But "Models are good enough now." And yes, they are remarkably capable. The code compiles, and the tests pass, Everything looks reasonable at first glance. This is exactly where the dangerous bugs live - race condition in an async handler, off-by-one in a pagination boundary, security assumption that holds in dev but fails in production. No architecture report catches these. You catch them by reading the actual code.

I don't know what kind of code these people are working on, but the code we write at CBK.AI always requires review, not because LLMs aren't getting better, but because they are not perfect. And more importantly, the human plus LLM combination is a powerful differentiator. It is categorically better than either one working alone. The LLM brings speed and breadth. The human brings judgment, taste, and the lived experience of maintaining a specific codebase for years. Remove the human from the review loop and you an unaudited pipeline. Code that is statistically likely to be fine, which is a very different thing from code you know is fine.

The developers who are actually will be thriving are the ones who will get dramatically faster at reading code even if reading is by intuation and pattern recognition rather than line-by-line.

You get used to it, I don't even see the code. All I see is blonde, brunette, redhead

Cypher - The Matrix (1999)

That instinct is worth developing. "I review hundreds of PRs a week and spot a bad one in under a minute" is a flex. "I don't bother reading the code" is not.

When someone tells me they don't read code anymore, what I actually hear is "I have delegated my core responsibility to a system I don't fully understand, and I'm trusting it on faith." That might work for a while. It might even work for a long while if the stakes are low enough. But the moment something breaks, and something always breaks, you'll be the person responsible for code you never looked at. And the question will be "what were you doing"?

Good luck with that.

A personal note: we currently have over a thousand open pull requests generated by agents. We accept maybe one or two a day. Every single one gets reviewed by a human. That is not a bottleneck but the quality bar. The agents do the exploring. The humans do the selecting. Take either side out and you get worse software.

AIcodingdevelopmentagentscode-review