Thoughtworks warns: AI code grows faster than understanding of it
AI generates code faster than teams can understand it. Thoughtworks calls for a return to engineering fundamentals in Technology Radar Vol. 34.
(Image: Alexander Supertramp / Shutterstock.com)
The technology consulting firm Thoughtworks has published the 34th edition of its semi-annual Technology Radar. Central theme: so-called cognitive debt, which arises when artificial intelligence generates ever larger amounts of code and the shared understanding of software systems in development teams erodes faster than it can be renewed.
While previous editions of the Radar highlighted the growing capabilities of AI in software engineering, the focus, according to the current report, is now shifting to the risks in scaling and productive use. The difference to classic technical debt is significant: technical debt resides in the code itself, whereas cognitive debt resides in the minds of the developers. The gap between humans and systems widens when AI-generated code is produced faster than teams can grasp it.
Thoughtworks CTO Rachel Laycock puts it this way: “The inflection point we're at isn't so much about technology — it's about technique.” AI capabilities have developed at a breathtaking pace over the past year. But instead of displacing humans, it is becoming clear that appropriate practices and technical control mechanisms are necessary to use these capabilities safely and effectively.
Control mechanisms for coding agents
A central concept of the radar is so-called harnesses – technical control mechanisms for AI-powered coding agents. These are divided into two categories: feedforward controls operate before execution, for example through agent skills or specification-driven development. Feedback systems, on the other hand, monitor the results after execution – for example, through mutation tests – and trigger self-correction before a human has to intervene. This concept is described in detail in an article on harness engineering by Birgitta Böckeler.
Videos by heise
Zero Trust for AI Agents Required
Another focus is on securing AI agents, which increasingly require access to private data and external systems. Thoughtworks recommends Zero Trust architectures, sandboxing, and defense-in-depth strategies for this. The tension between maximum benefit and security risks requires principles such as explicit verification and minimal rights assignment – principles that also harmonize with data protection requirements such as the GDPR.
Furthermore, the radar recommends a return to proven metrics such as the DORA metrics (Deployment Frequency, Lead Time for Changes, Mean Time to Restore, and Change Fail Percentage) to make the increasing complexity measurable. The evaluation of new technologies is also becoming increasingly difficult due to a market backlog of small AI projects and semantic diffusion, i.e., inconsistent use of terms.
Fittingly: code faster, test slower
The warning about cognitive debt fits into a broader debate. As other studies also show, generative AI accelerates the writing of code but makes verification more complex. The bottleneck is shifting from generation to understanding and testing. It is precisely at this point that the Technology Radar aims to encourage a return to engineering fundamentals to sustainably leverage the growing capabilities of AI.
The interactive Technology Radar is available online; a PDF download is also possible.
(map)
