What is AI code review?

AI code review is the practice of having a large language model — Claude Code, Cursor, GitHub Copilot, Continue, Aider, or similar — review proposed code changes and emit suggestions. The AI examines diffs, identifies bugs, flags style issues, and proposes refactors at high volume, doing the same job a human reviewer does at the suggestion-per-minute rate of a model rather than a person.

Is AI code review reliable?

AI code review is reliable for catching some categories of issues (style, common bugs, missing error handling) and unreliable for others (logic correctness, security context, architectural decisions). Stack Overflow's Developer Survey has tracked a year-over-year gap between AI tool usage and AI tool trust, and most teams now treat AI review as a first pass that humans (and deterministic scanners) must verify.

What's the biggest problem with AI code review?

Signal-to-noise ratio. AI assistants emit roughly 8 review suggestions per file when 1-2 actually matter, drowning real bugs in speculative refactoring requests. BrassCoders measures this on real codebases at coppersun.dev/benchmarks and produces a per-file noise ratio you can verify against your own scans.

Should I let AI tools see my source code?

It depends on the vendor and the deployment mode. Anthropic, OpenAI, and major LLM vendors don't train on API requests by default. Some self-hosted deployments and offline-first tools (BrassCoders's OSS core makes zero outbound network calls) don't transmit source at all. The trade-off is convenience versus control: for sensitive code, run offline-first scanning locally and send only the redacted findings to your AI assistant for triage.

Can an AI review code it just generated?

Yes, but with caveats. The same LLM is unlikely to catch errors it just produced — those errors looked plausible to the model on the way in, so they'll look plausible on the way out. Crossing the LLM with a different reviewer (a different model, a static analyzer, or a human) catches more. The practical pattern: deterministic scan first, AI review of the ranked output, human approval of the diff.

What is a hallucinated package?

A package name an AI assistant generates that doesn't exist on the relevant registry. The AI emits "import fastapi_users_pydantic" when only "fastapi-users" exists on PyPI. Lasso Security's 2024 research found this happens at a meaningful rate across major models, creating an attack surface where typosquatters can register the hallucinated name as malware and wait for AI-generated code to npm install it.

How do I detect secrets in AI-generated code?

Use entropy-based scanning plus pattern matching for known formats. Yelp's detect-secrets is the standard OSS library; BrassCoders ships it alongside 20+ format-specific patterns (AWS access keys, GitHub PATs, OpenAI keys, Stripe live keys, JWTs, PEM-encoded private keys). Pattern matching catches the formats you expect; entropy catches the ones you don't.

What's the fastest workflow for triaging a large AI-generated pull request?

Run a deterministic static-analysis scan first, hand the structured output to your AI assistant, then iterate. BrassCoders's recommended flow: "brasscoders scan" produces .brass/ai_instructions.yaml (a short, ranked list of findings); the AI assistant reads that file directly and addresses critical_issues in order, working against deterministic findings rather than reviewing diffs blind.

AI Code Review: The Practical Guide for 2026

AI coding assistants now generate code faster than human reviewers can read it. Stack Overflow's annual Developer Survey has tracked rapid year-over-year adoption since 2023, and the volume gap between AI output and human review capacity is the central problem of the current era of software development. The crisis is not the AI itself. The crisis is that the review tooling and workflow were designed for human-rate code production, and AI assistants produce at language-model rate — orders of magnitude faster.

This guide covers the four recurring failure modes of AI-assisted pull requests, the workflow that experienced reviewers actually use, the architectural distinction between static analysis and LLM-based review, and an honest tools roundup. The intended reader is a software engineer who already uses an AI coding assistant (Claude Code, Cursor, Continue, Copilot, Aider) and has to ship, review, and maintain the output.

BrassCoders, the scanner that catches what AI assistants structurally miss, is the pillar that frames this guide. The product context shows up throughout, but the patterns in this guide stand on their own — they apply whether you use BrassCoders, a competing scanner, or just the raw open-source SAST stack.

The AI Code Review Crisis

BrassCoders's reproducible benchmarks against nine open-source codebases measure 1500+ raw scanner findings on a typical real-world Python project, and developers using Claude Code or Cursor regularly report seeing roughly 8 review suggestions per file where 1-2 actually merit attention. The volume gap is the crisis, not the AI itself.

Three things changed at once between 2023 and 2026. AI assistants became fast enough that a senior engineer working alongside one produces several times the diff volume of their pre-AI baseline. Pull-request review queues, which were tuned for human-rate production, became permanent backlogs in many teams. And the per-suggestion confidence of AI reviewers stayed roughly flat — meaning the absolute number of false positives scaled linearly with usage. The result is a workflow in which developers skim, the skim has a known failure mode, and the one critical issue gets dismissed alongside the seven speculative ones.

The same Stack Overflow Developer Survey that documents AI adoption also tracks AI trust. The gap between "I use this daily" and "I trust this output" is the largest in the survey's history. That gap is the market for review tooling.

What follows is the four-failure-mode taxonomy that comes out of looking at the actual output, not the marketing.

The Four Failure Modes of AI-Assisted PRs

BrassCoders categorizes AI-generated PR failures into four buckets — noise, secret leakage, hallucinated imports, and diff complexity — based on the patterns surfaced by scanning nine open-source codebases (Django, FastAPI, Flask, Next.js Commerce, Turborepo, OWASP PyGoat, OWASP NodeGoat, Snyk Goof, and the Bandit examples corpus). Each failure mode has a distinct mitigation; lumping them under a generic "use AI carefully" header is the kind of advice that doesn't help anyone.

Failure mode 1: noise

AI assistants are tuned for completeness, not for precision. The training incentive rewards thoroughness — better to over-flag than to miss a real bug — but in practice it produces output where 7 out of 8 suggestions are conditional ("if name is user-controlled, this could be XSS"). Developers compensate by skimming, skimming has a known failure mode, and the one real bug gets dismissed alongside the seven speculative ones. BrassCoders's dedicated post on this pattern, Why Claude Code Emits 8 Findings When One Matters, walks through the underlying training-incentive math.

Failure mode 2: secret leakage

AI tools sometimes inline secrets — credentials, API keys, tokens — that were in the surrounding context window, or fabricate plausible-looking example credentials that end up committed. GitGuardian's State of Secrets Sprawl annual report tracks the real-world rate of secret leaks across public repositories and has documented AI-tooling as a contributing pattern. The mitigation is entropy-based plus pattern-matching detection of secrets in the AI's output, applied before the PR is opened, not after.

Failure mode 3: hallucinated imports

AI assistants confidently generate imports of packages that don't exist on the relevant registry. The AI writes import fastapi_users_pydantic when only fastapi-users exists on PyPI, or import @types/express-async-handler when no such npm package is published. Lasso Security documented this pattern in 2024 across multiple major models. Worse: a malicious actor can register the hallucinated name as a typosquatting package and wait for AI-generated code to install it, turning a hallucination into a supply-chain attack.

The detection pattern is straightforward in principle and rarely implemented in practice: take every import statement in a diff, check whether the named package exists on the target registry, fail loudly if it doesn't. BrassCoders's --check-package-hallucination flag runs exactly this check, issuing HTTPS GETs to PyPI for Python, npm for JavaScript, and pkg.go.dev for Go. The check is opt-in (the OSS core is offline-first by default) and the only payload sent is the bare package name.

Failure mode 4: diff complexity

AI assistants don't have the human reviewer's preference for small, focused diffs. Asked to "refactor this for clarity," the AI rewrites the entire file. The result is 500-line and 800-line PRs that no human can meaningfully review in the time the team's review budget allows. The mitigation is structural: a deterministic scan first to surface what to look at, then a constrained AI review against that ranked list rather than a line-by-line read.

How Experienced Reviewers Triage AI PRs

BrassCoders's recommended workflow for triaging AI-generated pull requests: run a deterministic static-analysis scan first, hand the ranked output to your AI assistant, then iterate against a constrained finding list rather than reviewing the diff line by line. The scan turns an unbounded triage problem into a bounded one — a 30-line YAML file of ranked findings is reviewable in the same time as a 50-line diff, regardless of whether the underlying diff is 100 lines or 1000.

Concretely the flow looks like this:

Scan locally. Run brasscoders scan /path/to/project from the repo root. The OSS core makes zero outbound network calls; the Paid plan sends already-redacted findings (never source code) to the gateway for semantic deduplication and reranking. Output lands at .brass/ai_instructions.yaml.
Hand off to your AI assistant. Tell Claude Code (or Cursor, Continue, Aider) to read the YAML and address the critical_issues in order. A typical prompt: "Read .brass/ai_instructions.yaml in this project. Address the critical_issues in order. For each one, propose a diff and explain the fix."
Iterate. The AI assistant works against deterministic findings — each one has a file path, a line number, a severity, and a finding type. There's no ambiguity about what to look at next. Re-scan after fixes to confirm no regression.

What changes about the review experience: the unit of work becomes a ranked finding, not a diff hunk. The AI assistant becomes a triage layer working against deterministic input, rather than a reviewer working against unbounded code. The reviewer's time-per-finding stays constant whether the PR is 100 lines or 1000.

A concrete worked example. Say brasscoders scan on a 600-line AI-generated PR produces 47 raw findings, of which 12 are critical_issues after enrichment. The reviewer's prompt to Claude Code looks like this: "Read .brass/ai_instructions.yaml. Work through each entry in critical_issues in order. For each one, read the relevant file at the noted line, decide whether the finding is real or a false positive given the surrounding code, and if real propose a diff. If you're unsure, mark it for human review and move on." The AI gets through the 12 in under two minutes; the human reviews the 12 diffs and the marked-uncertain items in another five. Total review time for a 600-line PR: roughly 10 minutes instead of an hour.

What stays the same: the human still approves the diff. BrassCoders doesn't merge code, doesn't auto-apply suggestions, doesn't generate PRs. It produces a YAML file; the rest of the workflow is yours. The same workflow runs against Cursor, Continue, or Aider — any AI assistant that can read a local file and propose diffs against it.

Static Analysis vs LLM-Based Review

Static analysis catches deterministic problems — a hardcoded API key, a SQL-injection sink, a known anti-pattern — but cannot judge context. LLMs judge context but cannot scan deterministically across thousands of files. BrassCoders uses the static layer for detection and leaves the AI consumer (Claude Code, Cursor, Continue) responsible for the triage decisions where context matters.

The static layer in BrassCoders is twelve scanners running locally: Bandit and Pylint for Python static analysis, Pyre and Pysa (Meta's taint analyzer) for taint propagation, Semgrep and ast-grep for pattern matching, and detect-secrets (Yelp's entropy-based credential scanner) for secret discovery. BrassCoders adds six custom scanners on top for AI-pattern detection, privacy and PII matching, secret patterns, performance hints, content moderation, and JavaScript/TypeScript analysis.

What the static layer is good at: finding the deterministic things that don't depend on context. A function named verify_password that uses == instead of a constant-time comparison. A hardcoded credential in a config file. A Python import of a package that's not on PyPI. These are the kind of finding where the scanner can be 100% confident and the AI consumer can apply the fix mechanically.

What the static layer is bad at: anything that requires reading the surrounding code to judge. Is this MD5 use cryptographic, or is it being used as a non-security hash for caching? Is this /tmp path a security issue, or is the code running in a container where /tmp is per-pod? BrassCoders doesn't try to make these judgments — that's the AI consumer's job. BrassCoders surfaces the pattern; the AI (with full file context) decides whether it's real.

This division of labor is the architectural insight. The wrong design is a static analyzer that tries to be smart and ends up either over-flagging (every MD5 use is a finding regardless of context) or under-flagging (clever heuristics demote real findings). The right design is a dumb-but-honest scanner paired with a smart triage layer that has full context. BrassCoders is the former; the AI assistant is the latter.

Tools Roundup

The AI-code-review tool category divides into two camps: deterministic pre-filters (BrassCoders) and LLM-based reviewers (GitHub Copilot's built-in review, Greptile, Bito, CodeRabbit). They solve different problems and the right setup uses one of each, not one or the other.

Deterministic pre-filters — including BrassCoders — run static analysis locally or in CI, produce structured findings, and hand them to a downstream consumer (human or AI) for triage. They don't read code semantically; they pattern-match. The strength is determinism: the same input produces the same output, every time. The weakness is context-blindness: a pre-filter can't tell whether a particular pattern matters in the specific surrounding code.

LLM-based reviewers — Greptile, Bito, CodeRabbit, GitHub's own AI review — read the diff with an LLM and emit suggestions. The strength is context: they can reason about whether a given pattern matters. The weakness is precision: they over-flag and under-flag in patterns that vary by model and by prompt tuning. They're also expensive at scale; each PR runs through several thousand tokens.

The pairing that works: a deterministic pre-filter to constrain the surface area, an LLM-based reviewer (or your own AI assistant) to make the contextual call. Use BrassCoders to find the 30 findings that matter out of the 1500 the scanner produces. Use Claude Code or Cursor (with your own API key) to decide which of the 30 actually applies in your codebase. The deterministic layer makes the LLM layer cheaper and more accurate; the LLM layer makes the deterministic layer usable.

What's wrong with using only one: an LLM reviewer alone produces the 8-suggestions-per-file noise problem this guide opened with. A deterministic pre-filter alone produces 1500 findings that no human will read. Together they produce 30 findings that an AI can triage in a minute.

A practical comparison of the major options. GitHub Copilot's built-in PR review reads the diff with an LLM and posts inline comments — good for catching obvious bugs, weak on novel anti-patterns because the model is tuned for general code rather than security context. Greptile and CodeRabbit operate on the same architecture with different tuning; each varies by team workflow fit. Semgrep on its own is excellent at deterministic rule-based detection but produces high finding volume without a downstream filter. BrassCoders sits at the pre-filter layer: it runs Semgrep (and 11 other scanners) on your behalf, applies noise-reduction and ranking, and produces the 30-finding YAML that an LLM reviewer can then process in a minute. The right setup typically combines BrassCoders for the static layer with whichever LLM reviewer your team has chosen for the contextual layer.

BrassCoders is open source at the detection layer (Apache 2.0, installable as brasscoders on PyPI) and a $12/month subscription for the optional AI-powered enrichment that handles semantic deduplication and reranking. The Paid plan sends already-redacted findings (never source code) to a hosted gateway; the gateway returns the deduplicated, reranked list. See our privacy policy for the exact data flow.

Closing

BrassCoders's honest summary of AI code review in 2026: the AI tools are good enough to ship, not good enough to trust without filtering. The filtering layer is the work. The teams that figure out filtering before their AI-assisted volume outpaces their review capacity ship faster and with fewer regressions than the teams that don't.

BrassCoders exists because filtering is solvable. The OSS core scans for free, runs locally, and produces a YAML file your AI assistant can read. The Paid plan adds AI-powered enrichment for $12/month. Install with pipx install brasscoders; run brasscoders scan; hand the output to your AI assistant of choice.