JetBrains just published their 2026 developer survey covering 11,000 developers across 173 countries. The headline number: 90% of developers use AI tools at work. The buried finding that actually matters: most of them can’t tell you whether it’s working.

I’ve seen this before. In 2016, the same thing happened with cloud adoption. Everyone had a cloud strategy. Nobody had a cloud ROI story that held up to scrutiny. CFOs started asking hard questions, and engineering teams scrambled to retroactively justify decisions that had already been made on vibes.

We are about to repeat that mistake with AI agents — at larger scale and higher speed.

What’s Actually Happening

The JetBrains data is a map of where we are:

  • 90% AI tool adoption across developers surveyed
  • Usage spans code completion, code review, documentation, test generation, and now autonomous agentic tasks
  • But when asked about business outcomes? Vague answers: “it feels faster,” “it helps with boilerplate,” “I think we ship more”

Simultaneously, a separate signal from JetBrains’ Central AI governance research: enterprises are deploying AI agents for CI/CD, PR review, security scanning, and deployment automation — often without central inventory, cost tracking, or quality metrics.

This isn’t a technology problem. It’s an organizational problem wearing a technology costume.

Shadow Tech Debt is the term I’m using for what accumulates when AI-generated code bypasses normal quality gates. It’s the cousin of Shadow IT (unauthorized cloud resources) but potentially more dangerous because it’s invisible at the code level. A developer generates 200 lines with an AI agent, does a surface review, and merges. The code works. The tests pass. But the abstractions are wrong, the error handling is incomplete, and the naming conventions are inconsistent with the rest of the codebase. Six months later, nobody remembers it was AI-generated. It’s just “legacy code” that’s hard to work with.

At 90% AI adoption, this is happening at scale right now.

What This Means in Practice

Let me break down the three failure modes I see recurring across engineering organizations:

Failure Mode 1: The Metrics Vacuum

Teams adopt AI tools and measure inputs (“we have 50 Copilot licenses”) rather than outputs (“our time-to-PR on new features dropped by 23%”). This is precisely backwards.

The metrics that actually matter for AI agent ROI:

Vanity Metrics (don't use these as primary KPIs):
- Number of AI tool licenses
- Lines of code generated by AI
- Percentage of code with AI assist

Signal Metrics (use these):
- Cycle time: commit → PR → merge → deploy
- Defect escape rate: bugs found in production vs. staging
- Rework ratio: time spent modifying AI-generated code vs. human-generated code
- Time-to-context: how long for a new dev to be productive in a module

The last one — time-to-context — is counterintuitively one of the best ROI signals. AI-generated code that lacks good comments and consistent patterns actively hurts time-to-context. If your time-to-context is increasing despite AI adoption, you have a Shadow Tech Debt problem.

Failure Mode 2: The Agent Sprawl Problem

An enterprise I advised recently had, when they finally audited, 34 separate AI agent configurations running across their SDLC. PR review agents. Dependency update agents. Test generation agents. Documentation agents. Security scanning agents. Most were configured independently by individual developers or teams, with no central inventory.

Problems that emerged:

  • Agents were making conflicting recommendations on the same PRs
  • Multiple agents were calling the same LLM APIs, causing unexpected cost spikes
  • No unified audit log when an agent made a problematic change
  • No process for updating agent prompts when company coding standards changed

The solution is an Agent Registry — conceptually similar to a service catalog in platform engineering:

# Example Agent Registry entry
agent_id: pr-reviewer-v3
owner: platform-team
purpose: Automated PR review for style, security, and correctness
model: claude-opus-4-8  # or GLM-5.2 self-hosted
triggers: [pull_request.opened, pull_request.synchronize]
cost_center: engineering-platform
monthly_budget_usd: 500
audit_log: enabled
last_reviewed: 2026-06-01
escalation: platform-team@company.com

Without this, you don’t have AI governance. You have AI chaos with a governance sticker on it.

Failure Mode 3: The ROI Measurement Gap

Here’s the problem with AI ROI measurement that nobody is saying clearly: AI’s biggest benefits are cognitive, not mechanical, and we don’t have good instruments for measuring cognitive work.

When a developer uses AI to understand an unfamiliar codebase 30% faster, that doesn’t show up anywhere. When an AI agent catches a subtle race condition in a PR that a human reviewer missed, the “value” of that catch is invisible unless that bug would have caused an incident.

The practical solution is a counterfactual sampling approach:

  1. Take 10% of your team’s AI-assisted tasks and have a human complete them independently (or use the pre-AI baseline from the same developer’s historical data)
  2. Measure the delta in time, defect rate, and code quality score
  3. Multiply by adoption rate and annualize

This won’t give you a precise number. But it will give you a defensible range, which is what your CFO actually needs to make a budget decision.

Lessons for Tech Leads

1. You need an agent inventory before you need more agents. If you can’t enumerate every AI agent running in your SDLC in 10 minutes, you already have a governance problem. Build the registry now, before the audit.

2. Define “done” differently for AI-assisted work. Your definition of a PR being ready to merge should explicitly include: “AI-generated sections have been reviewed for abstraction quality, not just functional correctness.” Functional correctness is the floor, not the ceiling.

3. Budget for AI tooling the way you budget for cloud. Not as a one-time license cost but as a monthly operational expense with per-agent cost attribution. When an agent’s monthly cost exceeds its measurable value, shut it down. Treat AI agents like microservices — they should earn their keep or be decommissioned.

4. The governance platform is a competitive moat. Companies that build robust AI governance infrastructure now will have a massive advantage when regulators inevitably arrive. The EU AI Act has provisions that apply to enterprise AI tool usage. The companies scrambling to retroactively document their AI practices will be at a disadvantage compared to those that built the audit trail proactively.

My Take

The 90% AI adoption number from JetBrains is real, but it’s measuring the wrong thing. The meaningful number is: what percentage of companies can produce a defensible ROI calculation for their AI spend that would survive a rigorous CFO challenge?

My estimate: under 15%.

This is the cloud problem of 2016, but the timeline is compressed. Cloud took 4-5 years to go from “everyone has it” to “everyone is managing costs and governance seriously.” AI agents will do the same thing in 18-24 months, because the cost surprises and quality surprises will arrive faster.

The engineering leaders who build governance infrastructure now — agent registries, quality metrics, cost attribution, audit logs — will look prescient. The ones who let adoption run ahead of governance will spend 2027 explaining to boards why they can’t answer basic questions about their AI investment.

I’ve been through the cloud governance scramble once. I have no interest in going through the AI governance scramble.

What to Watch Next

  • JetBrains Central AI platform: they’re building exactly the agent governance layer I’ve described, positioned as a commercial product. Worth watching as a signal of where the market is going.
  • GitHub Copilot Workspace analytics: GitHub is adding per-team, per-agent ROI dashboards. This could become the de facto standard for enterprise AI measurement if it gains adoption.
  • EU AI Act enforcement: the first significant enterprise enforcement actions will likely hit in late 2026 or early 2027. Companies using AI in hiring, code security scanning, or customer-facing systems need to be paying attention now.
  • Shadow Tech Debt tooling: expect static analysis tools to add “AI-generated code detection” capabilities. When your linter can flag “this function was likely AI-generated and has complexity score 85,” the quality conversation changes completely.

The ROI problem is solvable. The governance framework exists. The organizations that build it now won’t be scrambling later — they’ll be the ones selling the framework to everyone else.

Export for reading

Comments