When AI Writes Bugs: Field Notes from Real Cleanups

Common issues in AI-generated code include missing invariants, unchecked input, and silent performance footguns like N+1 queries. Senior engineers triage by adding failing tests that capture real-world scenarios, then refactor to reveal domain boundaries. Security reviews prioritize authz gaps, dependency trust, and supply-chain hygiene.
Success requires discipline: human review, static analysis, and runtime telemetry to validate behavior under load. AI can accelerate scaffolding, but craftsmanship—naming, contracts, and observability—is still human. The best teams pair generation with review checklists and a CI gate that enforces quality.