IT Brief New Zealand - Technology news for CIOs & IT decision-makers
AI coding tools raise debt & security risks, SIG warns

Wed, 17th Jun 2026
Joseph Gabriel Lagonsin, News Editor

Software Improvement Group has published research linking AI coding tools to higher technical debt, security risk and operating costs in enterprise software. The findings are based on analysis of 30,000 enterprise systems.

The group's State of Software 2026 study examines how AI-assisted coding and autonomous software agents affect code quality, maintainability and spending as businesses bring the tools into mainstream development.

One of the starkest examples is a case study in which autonomous AI agents built a software system in a week, but generated between €10 million and €15 million in AI token fees and produced code described as nearly unmaintainable.

The report says developers are increasingly generating excess code to meet AI-driven productivity measures, only to spend more time and more tokens correcting and refining the output later. It also found that AI-generated code showed roughly twice as many security-risk violations as human-written code, while more than half contained vulnerabilities.

SIG said the productivity gains from AI coding tools can disappear once a codebase reaches 100,000 lines, because large language models struggle to understand more complex software architecture. The study argues that AI does not automatically improve or weaken software quality, but instead magnifies the standards and controls already in place within an engineering team.

Governance gap

That conclusion runs through much of the wider data in the report. According to SIG, organisations with stronger governance around code quality and architecture can use AI to move faster, while those with weaker controls risk accumulating technical debt and security problems more quickly.

The study says AI-generated code now accounts for 1.9% of enterprise production code across the benchmark reviewed. For teams using non-agentic AI coding tools, token spending for a group of 50 developers now averages nearly the cost of one additional developer, while agentic coding tasks can consume up to 1,000 times more tokens than standard code chat or reasoning tasks.

SIG also estimates that reducing code-level technical debt can save €870,000 in developer time per system each year. It found that 86% of code in its benchmark falls below its recommended maintainability rating.

Architecture scores also remained weak. Half of the code assessed scored below SIG's recommended architecture rating, while stronger architecture reduced issue-resolution time by 30%.

Security measures showed similar weaknesses across the benchmark. The report found that 71% of code had a low degree of security controls, and that systems with lower code-level technical debt showed up to 72% stronger security compliance.

AI systems

The research also examined the software quality of AI systems already in production. It found that 72% of those systems scored below SIG's recommended build-quality rating, suggesting that the governance issues affecting conventional software projects are also appearing in newer AI deployments.

SIG said its benchmark covers more than 400 billion lines of code across more than 30,000 systems and more than 300 technologies. The latest findings were drawn from systems analysed over the past year and compared with independent research.

Luc Brandts, Chief Executive Officer at Software Improvement Group, said the results should not be read as a rejection of AI in software development, but as a warning that faster code generation without stronger engineering oversight can create substantial downstream costs.

"Nothing in this report is an argument against AI. The productivity gains are real, and organisations that fail to embrace it risk falling behind those that learn to use it effectively. But you cannot manage what you do not measure, and you cannot sustain speed on a foundation you do not understand. When code generation outruns governance, technical debt accumulates faster, security exposure widens, and the systems a business depends on become harder to maintain and evolve," said Luc Brandts, Chief Executive Officer at Software Improvement Group.