The vibe-coding bug epidemic: what AI-written code means for QA
By Masood Hussain · · 6 min read
- ai-code
- qa
- bug-reporting

AI assistants now write a large share of new code, and the measured effect on quality is negative: independent studies have found roughly 41% more bugs among Copilot users, 1.7x more issues in AI-authored pull requests, and record levels of duplicated code. Teams are shipping code faster than they can test it, which makes fast, complete bug capture the practical bottleneck for QA.
Here's the data behind each of those claims, and what to do about it.
How much code is AI writing now?
More than most teams realize. Sundar Pichai has said AI now generates about 75% of new code at Google, up from roughly a quarter in late 2024 (TechSpot). At the startup end, Y Combinator managing partner Jared Friedman said that for a quarter of the Winter 2025 batch, 95% of the codebase was AI-generated — and these were technical founders who could have written it themselves (TechCrunch).
Adoption is nearly universal: in Stack Overflow's 2025 Developer Survey, 84% of developers said they use or plan to use AI tools, up from 76% the year before (Stack Overflow).
Whatever the exact percentage at your company, the direction is clear. The volume of code entering review and test has grown far faster than the number of people responsible for checking it.

The bug data is in, and it isn't good
Two independent measurements stand out.
Uplevel analyzed engineering metrics for nearly 800 developers and compared those with GitHub Copilot access to those without. The Copilot group introduced 41% more bugs, with no significant improvement in pull request cycle time or throughput (Uplevel). More defects, no speed dividend to offset them.
CodeRabbit took a different approach in late 2025: it analyzed 470 real-world open-source pull requests and compared AI-coauthored PRs against human-written ones. AI-generated PRs contained about 1.7x more issues on average — roughly 10.8 issues per PR versus 6.5 — with logic and correctness problems up 75% and security vulnerabilities appearing 1.5 to 2x more often (CodeRabbit).
These aren't cherry-picked demos or vendor benchmarks. They're measurements of real teams and real pull requests, and they point the same way.
The damage below the surface: churn and duplication
Bugs you can file are only part of the cost. GitClear, which sells code-analysis tooling and publishes its methodology, analyzed 211 million changed lines of code from 2020 to 2024. Its findings (GitClear):
- The frequency of duplicated code blocks rose roughly eightfold during 2024.
- For the first time in the dataset, copy-pasted lines exceeded refactored ("moved") lines — developers are duplicating code faster than they're consolidating it.
- Code churn — new code revised or reverted within two weeks of being committed — has climbed steadily since AI assistants became mainstream.
Churn and duplication are leading indicators of future bugs. A fix applied to one copy of a duplicated block misses the other seven. Code rewritten within two weeks of landing was, by definition, wrong or incomplete the first time. For QA, this means regressions in places nobody touched on purpose — the hardest class of bug to anticipate with scripted test coverage.
Nobody is reviewing all of it
The theory of safe AI coding is "a human reviews everything." The practice is messier.
In the same Stack Overflow survey, 46% of developers said they don't trust the accuracy of AI output — up sharply from 31% the year before — and 45% named time-consuming debugging of AI-generated code as a top frustration (Stack Overflow). Developers distrust the code, and yet the volume keeps rising, because review capacity hasn't grown to match generation capacity.
There's also a perception problem. In a randomized controlled trial by METR, experienced open-source developers took 19% longer to complete tasks when using early-2025 AI tools — while believing the AI had made them about 20% faster (METR). If developers misjudge their own speed by nearly 40 percentage points, it's reasonable to assume they also misjudge how thoroughly they reviewed the diff they just accepted.
Why this lands on QA
Put the numbers together and the shape of the problem is clear:
- Code volume is up several-fold at AI-heavy teams.
- Defect density per change is up, not down.
- Review — the first quality gate — is saturated.
That leaves testing and bug reporting as the gates that actually catch what ships. But most teams' QA process was sized for human-speed code production. When a sprint's worth of code lands in a day, the constraint stops being "can we write the code?" and becomes "can we find and fix what's wrong with it before users do?"
This is the core argument we make on our vibe coding QA page: AI didn't remove the need for QA — it moved QA to the critical path.
The countermeasure: make bug capture nearly free
You can't review every AI-generated line, and you can't script tests for behavior nobody predicted. What you can do is drive the cost of reporting a bug — with enough context to fix it — as close to zero as possible, so that every person who touches the product becomes part of the safety net.
Concretely, that means every bug report should carry, automatically:
- A screenshot or replay of what the reporter saw.
- Console logs, because AI-generated frontend code fails loudly there long before anyone writes a ticket.
- Network requests and responses, because "the button doesn't work" is usually a 422 the reporter never saw.
- Environment details — browser, OS, viewport, URL — so nobody burns an hour asking.
When that context arrives with the report, the loop from "found" to "fixed" shortens dramatically, and the team can absorb a higher bug discovery rate without drowning. When it doesn't, every report costs a round-trip of "can you reproduce that?" — and at AI-era bug volumes, those round-trips are what actually sink teams.
This is the problem BugPort exists for. Our browser extension and embeddable widget capture the screenshot, console output, network activity, and environment automatically with each report, and file it straight into your tracker via Linear or GitHub integrations. If your team is shipping AI-assisted code faster than bugs are coming back with usable context, see how bug reporting for QA teams works, or start with the capture workflow overview.
FAQ
Does AI-generated code really have more bugs than human code?
The best available measurements say yes. Uplevel found a 41% higher bug rate among developers with Copilot access, and CodeRabbit found AI-coauthored PRs carry about 1.7x more issues than human-written ones. Results vary by team and task, but no independent study has shown AI code to be cleaner than human code.
Should teams stop using AI coding assistants?
No — the productivity upside is real for many tasks, and adoption is already near-universal. The realistic response is to treat AI output as untrusted input: keep review standards high, invest in test coverage for changed areas, and make bug capture cheap enough that defects that slip through get reported with full context.
What is "vibe coding"?
Prompting an AI to generate code and accepting the result based on whether it appears to work, without reading it closely. It's fast, and it's how a growing share of code gets written — including, per Y Combinator, the near-entirety of some startups' codebases. The QA implications are covered in more depth on our vibe coding page.
How should QA metrics change for AI-heavy codebases?
Watch leading indicators, not just escaped defects: code churn (revisions within two weeks of commit), duplication rates, and time-to-reproduce on incoming bug reports. GitClear's research shows churn and duplication rising industry-wide, so a team that isn't measuring them locally is flying blind.