GitLab report finds AI coding tools are moving faster than enterprise controls
GitLab’s AI Accountability Report finds organisations are adopting AI coding tools faster than they can govern generated code.
GitLab’s 2026 AI Accountability Report has found that organisations are adopting AI coding tools faster than they are building the policies and systems needed to manage AI-generated code.
Table Of Content
The report, conducted by The Harris Poll, surveyed 1,528 developers and technology buyers across six countries. It found that 80% of respondents said their organisation adopted AI tools faster than it developed policies to govern them, while 92% reported some form of governance challenge with AI-generated code.
GitLab defines AI accountability as the ability to answer three questions about any line of AI-generated code: where it came from, what it was meant to do, and who is responsible for it once it reaches production. The report argues that many organisations cannot yet answer those questions reliably, even as AI coding tools become part of software development workflows.
Faster output is shifting the bottleneck
The report shows that AI coding tools are already being widely used. GitLab found that 91% of organisations have two or more AI coding tools in active use, while 54% have three or more. Among respondents, 78% said developers were writing and committing code faster since adopting AI tools, and 73% said overall code quality had improved.
Those gains are not translating evenly across the software delivery process. According to the report, 79% of respondents agreed that individual developer productivity had improved with AI, but the overall software delivery process had not accelerated at the same pace. GitLab described this as the “AI Paradox”.
The pressure is moving from writing code to checking it. GitLab found that 85% of respondents agreed AI had shifted the bottleneck to reviewing and validating code, while 84% said the biggest challenge with AI-generated code was governing what happens after it is created.
That creates a practical issue for software teams. Faster code generation can increase output, but it also gives engineering, security, and compliance teams more code to understand, review, secure, and maintain. The report found that 73% of respondents were concerned about the maintainability of AI-generated code in their organisation’s codebase, while 82% said it risked creating a new form of technical debt their organisation was not prepared to manage.
Traceability gaps limit accountability
Traceability remains one of the clearest weaknesses identified in the report. GitLab found that 43% of respondents could not reliably distinguish AI-generated code from human-written code in their own codebase.
Other barriers were tied to the way software teams organise their tools and workflows. Fragmented toolchains were cited by 40% of respondents, while 39% pointed to systems that do not track code origin. Only 28% said their software development lifecycle tools were fully integrated with shared data and workflows.
The report also found a gap between confidence and actual incident response. While 87% of respondents were confident their team could determine within 24 hours whether AI-generated code had contributed to a production incident, 34% of organisations that experienced an incident in the past year could not make that determination.
That gap is important because accountability depends on more than knowing that AI tools were used. Organisations also need to know which code was generated, how it entered the codebase, what it was intended to do, and who remains responsible for it after deployment.
Governance spending is expected to rise
The report suggests that organisations are beginning to treat AI-generated code as a governance issue. GitLab found that 83% of organisations identified AI-generated code accumulation as a risk to manage now, with 44% calling it a top technology risk.
Investment is likely to follow. According to the report, 91% of respondents are likely to invest in AI code governance tools in the next 12 months, while 98% have already allocated or expect to allocate budget. GitLab also found that 85% agreed the next phase of AI in software would focus less on generating code and more on governing it.
“AI coding tools have delivered on their promise of speed. But the events of the past few months, including supply chain attacks, reliability issues, and regulators tightening expectations around AI traceability and provenance are making clear that speed without control is a liability, not an advantage,” said Manav Khurana, Chief Product and Marketing Officer at GitLab. “The teams thinking ahead are already asking the harder question: can we actually control all the code we’re generating? The organisations that will ship trusted software faster are the ones building the foundations of accountability with context, traceability, and governance baked into the platform, not just bolted on after the fact.”
For enterprises, the report points to a control problem that sits behind the productivity gains. AI coding tools may help developers produce code faster, but the operational value depends on whether organisations can trace code origin, validate output, manage technical debt, and assign responsibility once generated code reaches production.
