AI coding is moving from help to delegation#
At Anthropic’s Code with Claude developer event in London, the striking part was not that developers were using AI to write code. That is already normal in many teams.
The striking part was how much responsibility some developers appeared willing to hand over.
According to MIT Technology Review, Anthropic engineer Jeremy Hadfield asked the room who had shipped a pull request in the previous week that was completely written by Claude. Almost half the packed room raised their hands. He then asked who had shipped such a pull request without reading the code at all. Most of those hands reportedly stayed up.
That is a small room at a vendor event, not a representative survey of the software industry. It is also a room likely to contain enthusiastic users. But the signal matters. The center of gravity in AI coding is shifting from “generate this function” to “take this task, work through the errors, and produce something shippable.”
Anthropic is not hiding that ambition. At the event, Hadfield said most software at Anthropic is now written by Claude, and that Claude has written most of the code in Claude Code. Other major AI companies have made similar productivity claims about their own tools. The details differ, and the claims are hard to compare from the outside. The direction is clear enough.
Software work is being reorganized around AI agents that can write, test, revise, and remember.
Anthropic wants Claude to get out of the prompt box#
The article describes Anthropic’s goal as pushing coding automation as far as it will go. The old pattern was human-led: ask an AI tool for code, inspect the output, fix the mistakes, and integrate the result.
Anthropic’s target is more agentic. Claude should be able to check and correct its own work. Boris Cherny, who leads Claude Code, described the new default as Claude prompting itself rather than a developer prompting Claude directly.
In that model, the human does not necessarily see every failed attempt. Claude runs tests, hits errors, adjusts the implementation, and repeats until it reaches a working state. Anthropic engineer Ravi Trivedi summed up the operating principle as getting out of Claude’s way: “Let it cook.”
One feature MIT Technology Review highlights is “dreaming,” announced shortly before the event. Claude Code agents can write notes to themselves about specific tasks. Later agents working on the same code can use those notes to get context faster and avoid known mistakes. The dreaming system then reads across those notes, consolidates them, and looks for patterns or recurring issues.
In theory, this helps Claude Code learn the shape of a particular codebase. It may become faster at navigating local conventions, old decisions, fragile areas, and common failure modes.
That is useful. It is also a meaningful change in the trust model. A coding assistant that produces snippets is one thing. An agent that accumulates memory about a codebase, writes most of the changes, handles its own debugging loop, and passes work forward to later agents is closer to an automated development layer.
The risk is not that this cannot work. The risk is that it works well enough to become default before organizations adjust review, security, ownership, and maintenance practices around it.
The security problem is review capacity#
The most practical concern is not whether AI-generated code is always bad. It is not. Human-written code is also flawed, insecure, inconsistent, and hard to maintain.
The sharper problem is volume.
If AI tools let teams produce more code faster, the bottleneck moves to review. Someone still needs to understand what changed, why it changed, how it interacts with the rest of the system, and what new failure paths it opens. If developers stop reading AI-generated pull requests, the review layer can become ceremonial.
MIT Technology Review notes that outside the conference, some developers are already pushing back. Complaints include managers chasing productivity gains while engineers inherit more generated code to inspect, maintain, and debug. Researchers have also warned that AI tools can produce unsafe code that may make software more vulnerable to attack.
Those concerns are not new, but the scale is changing. A bad autocomplete suggestion is local. A fully delegated pull request can touch architecture, dependencies, permissions, error handling, input validation, logging, and tests. If it ships unread, the organization may not know what it has accepted.
This is where AI coding becomes a security issue rather than only a productivity story.
Security review depends on comprehension. If the codebase changes faster than senior engineers, reviewers, and security teams can reason about it, the organization accumulates unknowns. Some will be harmless. Some will become production incidents. Some may sit quietly until an attacker finds them.
Anthropic says old engineering rules still apply#
MIT Technology Review asked Claude engineering lead Katelyn Lesse and Claude product lead Angela Jiang about the concern that large amounts of AI-generated code could be shipped without proper human oversight.
Lesse’s answer was direct: old software development best practices still apply. She also said some teams may have lost sight of them in the current moment.
That is a useful admission. The issue is not only tool quality. It is behavior around the tool.
The same article reports Lesse saying some technical managers at Anthropic are exhausted by keeping up with the amount of code their teams now produce. She described Claude as probably as good as a midlevel engineer at writing code today, while still needing expert engineers for system design and harder troubleshooting. Jiang said the “absolute end state” Anthropic is trying to reach is Claude being able to build itself.
That endpoint may be aspirational. It may arrive unevenly. It may work for some categories of software before others. But it clarifies the trajectory: less human typing, more human supervision, and eventually more automation of the supervision itself.
The uncomfortable question is whether supervision will remain strong when the tool appears competent enough to bypass it.
What teams should check now#
Teams using Claude Code, Codex, or similar tools do not need to reject AI coding to take the risk seriously. They need to make the control points explicit.
A few checks matter more than broad policy language:
- Require human review for AI-generated pull requests, especially in security-sensitive code.
- Track whether reviewers actually inspect the diff or only approve passing tests.
- Separate “tests passed” from “design is sound.” They are not the same claim.
- Watch for dependency additions, permission changes, auth logic, input parsing, serialization, and error handling.
- Keep ownership clear. A human team still owns code written by an agent.
- Measure review load. If AI doubles output but review capacity stays flat, risk moves downstream.
- Treat agent memory and codebase notes as part of the development environment. They can shape future changes.
The most important habit is simple: do not let generated code become invisible code.
AI coding tools are becoming good enough to change how software is made. That does not remove the old duties of engineering. It makes them easier to skip.
For now, the future of coding looks less like humans disappearing from the loop and more like humans deciding which loops they still insist on seeing.