METHODOLOGY

AI-Generated Code

Code written by an LLM coding tool rather than typed by an engineer. Not inherently worse, but it skips the same things every time, so it needs a structured production-readiness pass before real money or users touch it.

Last reviewed: by Christof Jori

AI-generated code is code produced by an LLM coding tool (Copilot, Cursor, Claude Code, Lovable, and the rest) instead of typed by hand. The important thing to get straight is that it is not inherently worse than human code. On the happy path it is often cleaner, more idiomatic, and better commented than what a rushed engineer would write at 6pm on a Friday. Treating all AI-generated code as junk is as wrong as treating all of it as production-ready.

The real property worth knowing is that AI-generated code fails the same way every time. An LLM does not have a bad day, a deadline, or a grudge. It has a training distribution and a prompt. So the gaps are systematic, not random: it omits authorization checks the prompt did not mention, it trusts input the prompt did not flag as hostile, it leaves error handling thin because the prompt described the success case. Systematic gaps are good news, because a systematic gap can be closed with a structured checklist instead of hoping a reviewer happens to notice.

A worked example of how this differs from a human bug: a tired engineer might forget validation on one endpoint out of twenty, randomly, and a reviewer skims past it. An LLM asked to build twenty endpoints will tend to handle validation the same way on all twenty, so if it is wrong, it is wrong consistently, and a reviewer who knows the pattern catches all twenty at once. The work is not “find the random mistake.” The work is “confirm the systematic decision the model made, and override it where production needs more.” That is a faster, more reliable review than chasing human-style one-off slips.

The honest trade-off: AI-generated code shifts effort from writing to reviewing, and that only saves time if the review actually happens. Skip the review and you have vibe-coded software with a nicer commit history. The tools make writing nearly free, which tempts teams to skip the one step that was never the bottleneck, the TDD and security pass that catches the systematic gaps. The savings are real only if you spend part of them on the review you no longer think you need.

Wavect treats AI-generated code as a first draft that needs a known, repeatable production-readiness pass before it ships, under Software Quality Assurance. Because the gaps are predictable, the pass is fast: authorization on every endpoint, validation on every input, secrets out of the client, error handling, then a regression suite and a CI/CD gate so the next prompt does not silently reopen a hole. Done this way, AI-generated code is a genuine productivity win rather than a quiet pile of technical debt.
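One way to turn "authorization on every endpoint" into a CI/CD gate, as an added example that is not Wavect's own tooling. It assumes Flask-style route decorators and hypothetical marker decorators named `login_required`, `require_role` and `public_endpoint`; the sample source is constructed.

```python
import ast

# Assumed names (not from the page): a route decorator ends in one of
# ROUTE_ATTRS, and a handler counts as reviewed only if it also carries one
# of AUTH_MARKERS. An explicit "public" marker is a recorded decision too.
ROUTE_ATTRS = {"route", "get", "post", "put", "patch", "delete"}
AUTH_MARKERS = {"login_required", "require_role", "public_endpoint"}

def _decorator_name(node):
    """Return the final name of a decorator: @a.b(...) -> 'b', @c -> 'c'."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def find_unguarded_routes(source):
    """List (function_name, line) for route handlers with no auth decision."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        names = {_decorator_name(d) for d in node.decorator_list}
        if names & ROUTE_ATTRS and not names & AUTH_MARKERS:
            findings.append((node.name, node.lineno))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample: three handlers written in the same style, one guarded,
# one explicitly public, one with no authorization decision at all.
SAMPLE = '''
@app.get("/invoices/<int:invoice_id>")
@login_required
def get_invoice(invoice_id): ...

@app.route("/health")
@public_endpoint
def health(): ...

@app.post("/invoices/<int:invoice_id>/refund")
def refund_invoice(invoice_id): ...
'''

if __name__ == "__main__":
    unguarded = find_unguarded_routes(SAMPLE)
    for name, line in unguarded:
        print(f"no authorization decision: {name} (line {line})")
    raise SystemExit(1 if unguarded else 0)  # non-zero exit fails the CI job
```

The check only proves that a decision was recorded on each handler; whether the chosen decorator enforces the right rule still belongs to the human review.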

FAQs

Not on the happy path, where it is often cleaner. The difference is that it fails systematically rather than randomly: it skips the same things every time (authorization, validation, secrets, error handling) because the prompt rarely asks for them. Systematic gaps are easier to close than random human slips, but only if you actually run the review.
Yes, more than ever, but a different kind. The work is not hunting random typos, it is confirming the systematic decisions the model made and overriding them where production needs more. Skip the review entirely and you have vibe-coded software: fast to write, expensive to get breached.
AI-generated code is just code an LLM wrote; it can be reviewed, hardened, and perfectly safe. Vibe-coded software is the subset where nobody read the security-critical paths. The tool is the same. Whether a human did the production-readiness pass is the whole difference.