AI coding boom outruns banks’ testing, expert warns

TL;DR:

  • AI coding tools are producing software far faster than banks can verify it works, creating a verification bottleneck across financial services.
  • Sauce Labs’ Shubha Govil argues the industry is “optimising for the wrong metric” — chasing release velocity while quality and confidence slip.
  • For UK banks under tightening operational resilience rules, unverified AI-generated code is a regulatory and reputational risk, not just an engineering one.

The software industry’s race for release velocity is colliding with an uncomfortable reality in banking: more code does not mean better software. AI assistants and “vibe coding” tools have made generation almost free, but verification has not scaled with it — leaving QA teams across banking, insurance and capital markets facing a bottleneck many are unprepared for.

Optimising for the wrong metric

Shubha Govil, chief product officer at Sauce Labs, frames the problem starkly: “Velocity was never the hard part.” Understanding requirements, designing architecture and verifying that software behaves correctly were always the real bottlenecks — and AI has widened them. She cites a DeFi protocol that lost $1.78m after an AI-authored pricing oracle misread an asset value, and research suggesting pull requests per engineer are up roughly 20% year on year while incidents per release have jumped nearly a quarter. A METR study even found AI tools made experienced developers 19% slower, though most believed the opposite.

The governance gap is the sharpest concern. In a survey Govil’s firm ran, 82% of organisations said they lacked skilled testers or tools to manage AI quality, and 61% said leadership did not understand testing fundamentals. For UK institutions the stakes are concrete: defects can hit payments, lending and trading directly, and the warning compounds regulators’ existing unease about frontier AI and bank cyber resilience. Under the FCA and Bank of England’s operational resilience regime, firms must be able to evidence that systems work — across every environment and edge case.

Looking forward

Govil’s prescription is to treat “verification infrastructure as a first-class investment” and to stop conflating “we shipped it” with “it works.” For UK banks accelerating AI-assisted delivery, the message is timely: the productivity dividend is real, but velocity without confidence is, in her words, “organised risk.”

Share this article