GitLab says AI paradox is outpacing enterprise governance
Enterprises are flooding software pipelines with AI-generated code while governance, traceability and security controls fall dangerously behind
Artificial intelligence (AI) has become the most powerful accelerant the software industry has ever seen. As AI tools push individual developers to generate code at unprecedented rates, the rest of the software development lifecycle is struggling to keep pace.
The result is a fast-accumulating burden of ungoverned, untraceable code: delays, security vulnerabilities and a pipeline that generates output far faster than review, testing and security processes can absorb.
Engineers today spend up to 12 hours a week in meetings and only around 52 minutes actually writing code. Merge requests can sit in a queue for five to six days.
Around 84% of engineering time goes to maintenance rather than new feature delivery. GitLab calls this tension the AI Paradox.
“The amount of code that can be developed in this AI era has dramatically increased. In some cases, it is beyond what people could actually imagine four or five years ago,” Duncan Greenwood, Vice President EMEA of GitLab, told TechJournal.uk in an interview.
“Unless you have the right capabilities and the right platform to orchestrate and see the whole of the entire software development lifecycle, you get these downstream bottlenecks, particularly in things like code reviews, pipeline breakages and testing,” he said.
Greenwood said GitLab’s response is what it calls intelligent orchestration: a single platform that provides engineering teams and AI agents with complete end-to-end visibility into the software development lifecycle (SDLC).
“Build the code as quickly as you can, create the products, but make sure you understand what the rest of the software development lifecycle looks like. We definitely have this phrase within AI: it is creating speed, but it needs to be speed with control,” he said.
Founded in 2011 and headquartered in San Francisco, GitLab is the intelligent orchestration platform for DevSecOps (development, security and operations). The company serves more than 50 million registered users and approximately 50% of the Fortune 100.
GitLab consolidates code management, pipelines, security scanning, compliance and deployment history into a single unified data model. The company has been named a Leader in the Gartner Magic Quadrant for DevSecOps Platforms for four consecutive years. Greenwood, who is based in London, oversees all GitLab business across Europe, the Middle East and Africa.
Governance gaps widen
On June 23, GitLab published its AI Accountability Report, conducted by The Harris Poll and based on a survey of 1,528 developers and technology buyers across six countries.
The report examines whether organizations can track, govern and take responsibility for the AI-generated code entering their production systems. The findings confirm that adoption is outpacing control.
While 91% of organizations have two or more AI coding tools in active use and 78% report that developers are writing and committing code faster, 43% say they cannot reliably distinguish AI-generated code from human-written code in their own codebase.
Eighty-two percent say AI-generated code risks creating a new form of technical debt their organizations are not yet prepared to manage.
“AI coding tools have delivered on their promise of speed. But the events of the past few months, including supply chain attacks, reliability issues and regulators tightening expectations around AI traceability and provenance, are making clear that speed without control is a liability, not an advantage,” said Manav Khurana, Chief Product and Marketing Officer at GitLab.
“The teams thinking ahead are already asking the harder question: can we actually control all the code we are generating? The organizations that will ship trusted software faster are the ones building the foundations of accountability with context, traceability and governance baked into the platform, not just bolted on after the fact,” he said.
The traceability gap is particularly stark. While 87% of respondents were confident their team could determine within 24 hours whether AI-generated code contributed to a production incident, 34% of organizations that actually experienced such an incident were unable to do so.
The top structural barriers to control are difficulty distinguishing AI-generated from human-written code (43%), fragmented toolchains (40%) and systems that do not track code origin (39%). Only 28% say their SDLC tools are fully integrated with shared data and workflows.
Governance failures are near-universal. Ninety-two percent of organizations report some form of governance challenge with AI-generated code, and 80% say they adopted AI tools faster than they developed policies to govern them.
Eighty-five percent agree that the next phase of AI in software will focus less on generating code and more on governing it. With awareness rising, 91% say they are likely to invest in AI code governance tools in the next 12 months.
The governance challenge extends to regulatory compliance.
The EU AI Act is already reshaping expectations for software teams across Europe, while frameworks such as DORA (Digital Operational Resilience Act) and NIST 2 (NIST Cybersecurity Framework 2.0) impose additional obligations on how code is developed, audited and traced.
Greenwood said most organizations are struggling to keep compliance processes in step with the pace of AI-driven development, and that embedding policy requirements into the development workflow from the outset is more effective than applying them retrospectively.
He described a compliance approach built around what he called an immune system: policy requirements and audit obligations enforced during development rather than checked at the end, with vulnerabilities remediated before code reaches production.
Data sovereignty is a particular concern for European enterprises.
“In Europe, around 80 to 85% of our customers are deploying either in a dedicated environment or self-hosted,” he said.
He said the preference reflects growing unease about where AI-generated code resides and who can access it, a concern he expects to intensify as regulators sharpen their focus on traceability and provenance.
Proof at enterprise scale
Greenwood pointed to Barclays as a case study in the costs of toolchain fragmentation. The bank had built its software development operation around 12 separate tools, each handling a different stage of the pipeline. The result was a disjointed workflow in which handoffs between systems created delays, visibility gaps and mounting overhead for engineering teams.
“When we started with Barclays, they had something like 12 different tool sets within that supply chain of software development. They now save 180,000 developer hours per week,” he said.
He said the more entry points a software supply chain contains, the greater the risk that vulnerabilities will be introduced or go undetected. Consolidating onto a single platform gave Barclays’ engineers end-to-end visibility for the first time, enabling the bank to deliver software faster for the business.
Ericsson faced a comparable challenge at a different scale. As a global telecommunications company managing complex, high-stakes deployments across multiple markets, the cost of slow or insecure releases is high.
“They are 50% faster with deployment and they saved 130,000 developer hours over a six-month period,” Greenwood said.
Ericsson was also able to run 10 times as many test scenarios after consolidating its toolchain.
To explain how GitLab addresses the challenge of scaling in the agentic AI era, Greenwood described a three-part framework drawn from human biology.
“The motor system is executed at agent scale: the source code, the CI/CD (continuous integration and continuous delivery), the artifacts, and the deployments, rebuilt for thousands of concurrent agents. The nervous system is the context of the decisions, the lifecycle graphs and how the human actually interacts with the agents,” he said.
“And the immune system is the governance and the security: identity, policy and audit,” he said.
Greenwood pushed back on the narrative that replacing senior developers with junior staff and AI tools is an acceptable cost-cutting strategy, arguing that human context cannot be substituted.
“There is a gap in the developer community in the sense that, even with AI coming on board, there are still a lot of jobs that cannot be filled. The human in the loop is going to be an important factor for many years to come,” he said.
He said developer roles will evolve rather than disappear as AI scales up.
With software development volumes set to increase dramatically, human oversight will remain essential. GitLab’s EMEA team of more than 700 staff is set for growth as the business expands its customer base across the regions.