As AI code generation tools become more widespread in engineering teams, a new challenge is emerging around code review processes. While AI can generate infrastructure code quickly, this speed is creating questions about how teams maintain code quality and knowledge transfer.
Most AI strategies today focus heavily on the developer experience side. Tools like GitHub Copilot, Cursor, Stakpak help engineers write code faster. But there's a gap in this strategy.
While we're getting better at generating code with AI, we're not equally investing in how to review that code effectively. The current approach assumes that existing code review processes will naturally adapt to handle AI-generated content, but that's not necessarily true.
The challenge isn't just keeping up with the volume of AI-generated code. It's ensuring that AI-generated infrastructure code doesn't create knowledge gaps or review bottlenecks that slow down delivery. If teams can generate code 10x faster but reviews become the constraint, we've just moved the problem rather than solved it.
The Speed vs Understanding Trade-off
AI tools can now generate Terraform configurations, AWS CloudFormation templates, and multi-cloud deployments with impressive speed and accuracy. Research by GitHub shows that 63% of professional developers are using AI in their development process, with infrastructure teams seeing particularly dramatic productivity gains (GitHub's 2024 AI Survey).
But this acceleration creates an interesting dynamic. Traditional infrastructure development required engineers to work through complex cloud service interactions, understand security implications, and learn from configuration mistakes. This slower process naturally built institutional knowledge as teams navigated the nuances of AWS services, GCP networking, or Azure resource management.
AI-generated code can short circuit this learning loop. Engineers can deploy functional infrastructure without developing the deep understanding necessary to troubleshoot complex issues or make informed architectural decisions when problems arise. It's productivity in the short term, but potentially creates knowledge gaps in the long term.
The Tribal Knowledge Challenge
Tribal knowledge, what Microsoft defines as "the knowledge one obtains from belonging to a project, team, or organisation for a long time", is particularly critical in infrastructure. This includes understanding why certain Terraform modules were structured in specific ways, the historical context behind security group configurations, and the subtle implications of service choices that aren't captured in documentation. Or in short what to touch and what you should not touch, especially on a Friday.
Research from manufacturing industries suggests that up to 70% of critical, undocumented knowledge may be lost when experienced engineers leave organisations. In cloud environments, this knowledge would include things like complex service interactions, performance optimisations, and the nuanced understanding of cross-cloud dependencies that only comes from managing production systems at scale.
When AI tools enable less experienced engineers to produce infrastructure code quickly, there are fewer natural opportunities for knowledge transfer through traditional collaborative development processes.
The Volume Challenge
AI assisted development is changing both the quantity and nature of code being written. While developers report increased productivity, GitClear's analysis found that 67% spend more time debugging AI-generated code, and 68% note increased time spent on code reviews (DevOps.com survey).
For infrastructure teams, this creates a particularly challenging dynamic. Unlike application code where multiple developers can contribute to reviews, infrastructure changes often require specialised knowledge that only senior engineers possess. The result is a concentration of review responsibilities among the most experienced team members.
Consider these scenarios that infrastructure teams face regularly:
- Weekly AMI updates that look routine but could affect auto-scaling behaviour
- Security group changes that seem minor but expose critical database ports
Resource scaling modifications that appear safe but violate compliance policies - Terraform module updates that work individually but create dependency conflicts
Each of these requires contextual knowledge that AI tools don't possess and junior engineers may not have developed yet.
The Math of Review Bottlenecks
Engineering productivity research shows that the top 20% of reviewers typically handle over 80% of code reviews. This concentration is even more pronounced in infrastructure teams where specialised knowledge is required.
As AI generates more infrastructure code, these bottlenecks can worsen. Senior engineers spend increasing time reviewing AI-generated configurations rather than transferring knowledge to junior team members. Development teams lose an average of 20-40% of their velocity to inefficient code review processes, and for infrastructure teams, this burden is often more pronounced because the stakes are higher infrastructure mistakes can affect entire systems rather than isolated features.
The repetitive nature of reviewing similar AI generated patterns can contribute to review fatigue. When developers experience fatigue from repeated review tasks, they may miss critical issues, affecting both code quality and project velocity.
What's Actually Working
The most effective teams are creating different review paths based on change complexity rather than treating all AI-generated infrastructure the same. Simple configuration updates get automated validation and junior engineer review, while architectural changes get routed to senior engineers with relevant domain expertise. This prevents bottlenecks while ensuring critical changes get proper oversight.
Teams seeing success are also feeding organisational context back into their AI generation process, company specific security policies, approved architectural patterns, and historical incident learnings. The result is AI-generated code that already incorporates institutional knowledge rather than generic configurations that require extensive review. When senior engineers do review code, they're documenting not just what needs to change, but why those changes matter, creating a growing knowledge base for future generations.
Rather than centralising all infrastructure knowledge in a few senior engineers, successful teams are distributing ownership across product teams with clear escalation paths. They're also categorising infrastructure changes by risk and impact, low-risk patterns get heavy automation and minimal review, while high-risk changes get human expertise from the start. The key is having clear criteria for each category and updating those criteria based on incident learnings.
The Missing Piece: Change Intelligence
While these approaches help with the review process, they don't address the fundamental challenge: understanding what changes are safe to make in the first place. Consider updating a security group to allow traffic on a new port. AI can generate the Terraform code instantly, but understanding the full impact requires knowing what services use that security group, which applications might be affected, and whether this conflicts with existing compliance policies.
Cloud systems can have hidden dependencies that aren't obvious from looking at Terraform code. Change a database configuration and you might accidentally break auto-scaling policies. Modify network settings and suddenly your disaster recovery procedures don't work. AI tools generate code that works in isolation, but they can't see these broader system connections that experienced engineers know from years of managing production systems.
At Overmind, we believe the answer isn't just asking "Is this code correct?" but "Is this change safe given our current system state?" When a PR is raised, we analyse multiple signals to provide this context, the blast radius, any related risks. This helps teams understand at a glance whether a change is routine and low-risk or requires additional review and coordination.
Our mission is to provide teams with this change intelligence before they deploy. Rather than just generating or reviewing code, we're building systems that can automatically assess risk and provide context about what modifications are safe to make and when. The goal isn't to slow down AI-generated code, but to ensure that speed of implementation doesn't outpace understanding of consequences. and when, preserving the contextual knowledge that makes infrastructure management effective.
.gif)
