I saw this post from Mitchell Hashimoto requiring that AI tooling must be disclosed for contributions to his Ghostyy project this morning and it got me thinking, "Does it matter who writes the code?"
Since the beginning of computing humans have written all of the code. Then came AI and all of a sudden we have an explosion of AI written code. Microsoft claims that 30% of their code is written by AI. Shopify is requiring developers to use AI. It's pretty clear that AI will continue to write code and likely will write the majority of code moving forward.
In an ideal world, I don't think it matters who writes the code because the code would always be right. The problem is that we don't live in an ideal world. AI often generates code that doesn't work and is unnecessairly verbose. It riddles the codebase with unnecessary comments which makes it difficult to stay focused on the code that matters.
This wouldn't be a big deal if developers went back and cleaned up the code and/or comments but many don't. Tools like Cursor, Claude Code, Codex etc. that operate directly in your codebase have made coding so easy you don't even have to write code anymore, you can just tab or prompt your way to a working feature. I've seen developers online talking about how they don't even read the code they check-in anymore. They just see if it passes their tests and if the feature works. If it does, then LGTM.
However, this creates problems for reviewers and maintainers like Mitchell. When you dump a bunch of AI code into a PR and then send to a reviewer or maintainer, it's likely (hopefully) that person is reading through your code and spending the time to understand it and test it. That's the social contract between contributors and maintainers: you spend time writing the code, testing it, making sure it works and is good code, then I review it and make sure it meets our guidelines, design principles and actually works.
But it's not just bad coding style or potentially buggy code that happens when you overly rely on AI. It can also cause bigger issues like security problems and vulnerabilities. I can't count the number of times that ChatGPT or Claude has created code for me that leaks API keys to the client or exposes sensitive data in a session. These are tricky because they're usually not super obvious at first glance, you have to read through the code and understand what is happening to see it.
It's not the say that humans don't make these mistakes, they definitely do. But I would argue that they happen less often when you're more intentional about your work and writing the code yourself. Or at least, reviewing every line of code written by the AI to ensure that it's correct.
With that being said, I could see the need for organizations to watermark their code to understand who wrote it. Just like anything else, it's important to understand the risk vectors of your business and potentially buggy and insecure code is certaintly one of those.
I'm sure in the near future someone will create git blame for AIs. With a direct IDE integration it would theoretically be straight forward. Whenever an AI inserts code into a codebase, update the metadata of those lines to indicate that an AI was the writer. Coincidently, I saw that Zed today announced that they're working on a CRDT driven database to store code changes along with conversation history.
Seems like someone is already on it!
Evis