Unreviewed AI Code Is Everywhere — Here's What Breaks First

Source: DEV Community

A Hacker News post titled "Toward automated verification of unreviewed AI-generated code" hit 70 points and 57 comments today. The discussion confirmed something I've been seeing firsthand: developers are shipping AI-generated code without meaningful review, and the failure modes are predictable.

I've spent the last 3 weeks building a security scanner specifically for AI-generated code. After scanning hundreds of code samples, I can tell you exactly what breaks first — and it's not what most people expect.

The Real Problem Isn't "Bad AI"

The HN thread has the usual debates: "just review the code" vs. "nobody has time for that." Both sides miss the point.

The problem isn't that AI writes bad code. The problem is that AI writes plausible-looking code that passes a quick glance. A human skimming a PR will see clean formatting, reasonable variable names, and familiar patterns. The dangerous stuff hides in the details.

I learned this the hard way. Early on, I tried using an LLM to detect vu