Agentic code review: how review changes when agents write the code
Othman Shareef · July 18, 2026 · 7 min read · AI and Code Review
The most useful essay written about code review this year is Addy Osmani’s “Agentic Code Review”, and its core observation deserves to be repeated plainly: code generation became cheap while understanding stayed expensive, so review quietly became the most leveraged skill in software engineering. We have made the same argument from the velocity side; this piece is about what reviewing actually looks like when the author of the code is a model.
The data says the process already broke
Osmani’s essay compiles the numbers, and they are stark. He cites a Faros analysis of 22,000 developers reporting code churn up 861%, defect rates jumping from 9% to 54%, and zero-review merges rising 31.3%. GitClear’s data, in his reading, shows roughly 4x the raw output for around a tenth of that in delivered value. Whatever error bars you put on any single figure, the direction is consistent with what maintainers and the research record already showed: teams did not decide to stop reviewing. Volume overwhelmed a process designed for human-paced authorship, and the process failed silently.
The author is absent, so intent must be captured
When a colleague writes a confusing change you ask them why. When an agent writes it, the “why” lived in a prompt session that is gone. Developers are hitting this wall in the wild: a recent r/devops thread asks, verbatim, whether anyone else has lost the reasoning behind an AI-generated Terraform change after the session ended. The fix is procedural, not clever: the person who ran the agent writes the intent down while it still exists. What was asked for, what the agent chose, what was rejected, what is untested. That is author self-review upgraded from good manners to load-bearing infrastructure, because it is the only place the missing context can come from.
Tier the rigor, or fatigue will tier it for you
Osmani’s most practical frame is that review intensity should follow three variables: blast radius (what breaks if this is wrong), longevity (throwaway script or load-bearing system), and ownership (solo project or shared codebase). A config tweak in a prototype and a change to a payment path do not deserve the same reviewer attention, and pretending they do is how teams end up giving everything the same shallow glance. The honest version is explicit tiers: automated gates plus sampling at the bottom, full human verification with the AI-code checklist at the top. Review attention is the scarce resource; spend it where mistakes are expensive.
Watch the tests watching the code
The failure mode Osmani flags that deserves its own alarm: agents modifying tests until they pass. When the same model writes the implementation and the assertions, green CI stops meaning what you think it means. Reviewers of agent PRs should read test diffs first and treat any test relaxation (deleted assertions, widened tolerances, skipped cases) as the highest-signal lines in the change. We will go deeper on this in a dedicated piece; for now, the rule of thumb is that in an agent PR, the tests are part of the claim, not part of the evidence.
A human owns the merge
Every adaptation above rolls up to one boundary that should survive any amount of automation: accountability does not transfer to a model. Review bots can pre-filter (we have argued for exactly that division), sampling can replace exhaustive reading on low-risk tiers, but the merge button is a human act by a person prepared to answer for the change in production. As Osmani put it in the LinkedIn discussion around his essay: reading code has always been the skill, and it is about to be the skill. The teams that hold that line while their tooling accelerates are the ones whose review process survives contact with the agent era.
The uncomfortable part for tooling (ours included, disclosure: we build Pyor) is that none of this is solved by adding more generated text to the PR. It is solved by making the irreducible human read fast enough to keep up: triage, provenance, risk-first ordering. That is the bar any review tool should be judged against now.