AI coding assistants promised to make developers faster, and in a narrow sense, they did—individual coding time dropped significantly. However, teams using AI heavily are discovering a hidden cost: pull request review times have ballooned by 91%, creating a bottleneck that erases all coding speed gains. While developers churn out 47% more PRs with tools like GitHub Copilot and Cursor, reviewers struggle to keep pace, stuck scrutinizing AI-generated code that looks correct but hides 322% more security vulnerabilities and 153% more design flaws than human-written code.
This reveals a fundamental flaw in how we measure developer productivity. We’ve been celebrating individual output—lines of code, PRs per day—while ignoring team throughput: time from commit to production. AI didn’t fail. Our measurement systems did.
Developers Feel Faster But Measure Slower
The METR randomized trial published in July 2025 revealed a shocking disconnect. Developers predicted AI would make them 24% faster, actually performed 19% slower in controlled tests, yet still believed afterward they’d been sped up by roughly 20%. This perception gap explains why 82% of developers now use AI coding assistants daily or weekly, despite Stack Overflow’s 2025 survey showing only 16.3% see “great” productivity gains.
Moreover, the larger group—41.4% of developers—reported AI had “little or no effect” on their productivity. Many cited frustration with code that’s “almost right, but not quite,” requiring significant debugging time. In fact, 67% of developers spend more time debugging AI-generated code than they save writing it, according to Harness’s 2025 State of Software Delivery report.
Consequently, if developers can’t accurately perceive their own productivity changes, companies are making multimillion-dollar AI investments based on feelings, not facts. This explains why organizations see no measurable delivery improvements despite three-quarters of engineers using AI tools.
Related: AI Productivity Paradox: Developers 19% Slower in 2025
The AI Code Review Bottleneck: Where The Problem Moved
Teams with heavy AI adoption see a 47% increase in daily pull requests but experience 91% longer review times, according to Faros AI’s analysis of over 10,000 developers across 1,255 teams. Furthermore, code sits in review queues for an average of five days—a full workweek—costing companies $1.2 million annually in missed opportunities and delays.
The bottleneck shifted from writing code to reviewing it, and we weren’t prepared. Review capacity hasn’t scaled with PR volume. The same senior engineers who reviewed 20 PRs per week now face 30, each requiring deeper scrutiny. Some teams report losing two full days per week just waiting for code reviews to complete.
As LeadDev points out, writing code was never the bottleneck. Reviews, infrastructure access, approvals, and process overhead were. AI optimized the wrong part of the pipeline. Now teams produce more code faster but ship features slower because review capacity remains constant while demand exploded.
Here’s the math: If AI cuts coding time from four hours to two (50% faster) but review time jumps from one day to 3.5 days (91% longer), total time from commit to production increases from 1.25 days to 3.5 days. Individual productivity doubles. Team throughput drops 64%.
Why AI-Generated Code Requires Deeper Security Review
AI-generated code contains 322% more privilege escalation paths, 153% more design flaws, and 40% more exposed secrets compared to human-written code, according to Apiiro’s 2024 security research. Yet AI code merges four times faster into production, often bypassing thorough reviews. Meanwhile, reviewers need 60% more comments just to address security issues.
The CSET study found nearly half of AI-generated code snippets had at least one security-relevant flaw, some serious enough to enable buffer overflows or unauthorized memory access. AI coding tools replicate insecure patterns from training data—outdated packages, missing input validation, improper memory handling. The code compiles and runs fine. Under the surface, it’s fragile.
Additionally, reviewers unconsciously trust AI code more than contributions from junior developers, creating a dangerous blind spot. The code looks production-ready, passes basic tests, and follows style guidelines. Nevertheless, subtle architectural decisions and security vulnerabilities lurk beneath superficially correct syntax.
The 91% longer pull request review times aren’t inefficiency—they’re necessary security diligence. Teams that tried to maintain pre-AI review speeds shipped the 322% more security issues directly to production, discovering them only after deployment.
How to Optimize Teams, Not Just Individual Developers
The fix isn’t abandoning AI—it’s rethinking workflows and metrics. Leading teams are adopting AI code review tools like CodeRabbit and Qodo, enforcing smaller PRs, automating security scans, and most importantly, measuring end-to-end delivery time instead of individual coding speed.
The AI code review market is growing faster than code generation tools, reaching $750 million in 2025 with a 9.2% compound annual growth rate through 2033. GitHub’s Copilot for Pull Requests claims to reduce review times by 19.3 hours by using AI to review AI-generated code, balancing the generation-review equation.
Smart teams are implementing four key changes. First, they enforce PR size limits—breaking AI-generated code into reviewable chunks under 200 lines. Second, they automate security scanning with tools like SonarQube and Snyk to catch the 322% vulnerability increase before human review. Third, they’re deploying AI review tools to handle volume while humans focus on architectural decisions. Fourth, they’ve switched to team-level metrics like DORA—deployment frequency, lead time for changes, change failure rate—instead of individual output measures.
Competitive advantage won’t go to teams that use AI, but to teams that redesign their entire workflow around it. This means bidirectional AI workflows where AI both generates and reviews code, automated security gates as table stakes, and ruthless focus on what actually matters: how fast teams deliver value to production.
Related: Developer Productivity: 89% Say Non-Technical Factors Matter Most
What Developer Productivity Metrics Teams Should Track
Abandon vanity metrics like PR count and lines of code. Instead, adopt team-level throughput metrics that actually track delivery: deployment frequency (how often you ship), lead time for changes (commit to production), change failure rate (quality of what you ship), and time to restore service (how fast you fix issues).
Teams optimizing for DORA metrics see 20-30% fewer production defects and 60-point improvements in customer satisfaction, according to research from McKinsey and Gartner. You can’t improve what you don’t measure correctly. Teams tracking individual coding speed will miss the 91% review bottleneck entirely.
The question isn’t “how fast can developers code?” It’s “how fast can teams deliver value to production?” AI exposes the inadequacy of traditional productivity metrics. A developer who writes twice as much code but creates a review queue that delays the entire team for days isn’t more productive—they’re a liability.
Key Takeaways
- PR review times have increased 91% for teams using AI heavily, while PR volume jumped 47%—creating a bottleneck that erases coding speed gains
- Developers consistently misjudge their own productivity, predicting 24% speedups while measuring 19% slower, explaining why only 16% see significant real productivity gains despite 82% adoption
- AI-generated code contains 322% more security vulnerabilities and 153% more design flaws, requiring deeper review that most teams didn’t budget for
- The solution isn’t abandoning AI but redesigning workflows: deploy AI review tools to match generation capacity, enforce smaller PRs, automate security scanning, and measure team throughput instead of individual output
- Competitive advantage goes to teams that optimize the full pipeline—not those who just adopt AI for code generation
AI didn’t fail to deliver productivity gains. We failed to redesign our workflows and metrics around it. The 91% review slowdown is a feature, not a bug—it’s AI exposing that code review was always the real bottleneck, just one we could ignore when developers wrote less code. Now we can’t.
