A1
A001.AI
Back to Blog
AI TESTING

AI Writes the Code. Who Tests It? The Verification Debt Problem Nobody Wants to Talk About

Jul 17, 202610 min read

SmartBear just wired its testing platform into Claude Code, GitHub Copilot, and AWS AI tools. The move exposes a problem that's been quietly accumulating: AI-generated code is outpacing the ability of teams to verify it.

SmartBear this week announced integrations between its testing platform and AI coding tools from Anthropic, GitHub, Atlassian, and AWS. The news included a SmartBear MCP server for GitHub and connectors linking ReadyAPI and Swagger to Claude Code. On the surface, it reads like a routine product update. It isn't.

What SmartBear is responding to is a structural problem that most engineering teams are watching develop in slow motion: AI coding tools have dramatically accelerated code production, but verification hasn't kept up. The gap between how fast code gets written and how thoroughly it gets tested is widening — and the debt that accumulates in that gap is starting to matter.

The Core Problem: Generation Outpaced Verification

The productivity gains from AI coding tools are real. Developers ship faster. Feature velocity goes up. Managers are pleased. But none of that output is inherently correct, secure, or well-structured. It's just output.

Every line of AI-generated code that enters a codebase without adequate testing is a liability that gets deferred, not eliminated. Futurum Group's research puts it plainly: verification that sits outside the agent loop accumulates as verification debt. That's a precise and accurate description of what's happening in teams that adopted AI coding tools without rethinking their testing practices alongside them.

The numbers give context to the scale. In 2024, 72% of companies used AI in at least one business function — up from 55% the year before. AI coding tools are the most visible manifestation of that adoption in engineering. Yet only 37% of organizations had adopted AI-assisted testing, according to the Futurum Group survey cited by SmartBear's partner analyst. That asymmetry is the problem in a single statistic.

What SmartBear's Move Actually Signals

SmartBear isn't the first company to think about this, but the approach it's taken is worth examining specifically because it targets the friction point directly: developers don't leave the IDE to test.

That sounds minor. It isn't. The reason shift-left testing has always been harder to execute in practice than it sounds in strategy documents is that it asks developers to adopt tools and workflows that exist outside the environments where they actually work. A developer inside Cursor or Claude Code completing a task is not going to switch to a separate testing platform unless the cost of doing so is near zero. SmartBear is trying to get that cost closer to zero by meeting the developer where they are.

The MCP server integration for GitHub is particularly relevant here. Model Context Protocol is an open standard — Anthropic introduced it, and it's been gaining adoption across AI tooling providers. By building an MCP server, SmartBear enables AI coding agents to invoke testing capabilities as part of the same agent loop in which code gets written. That's architecturally different from bolting on a testing step after the fact. Testing becomes something the agent can initiate, not something the developer has to remember to do separately.

Whether that plays out smoothly in practice depends on implementation quality, LLM behavior, and how teams configure their workflows. But the direction is sound.

The Grade-Your-Own-Homework Problem

There's a specific failure mode in AI-assisted testing that doesn't get enough direct attention: asking the same AI that wrote the code to test it.

This is a real pattern emerging in teams that have gotten comfortable with AI agents handling end-to-end tasks. The agent writes a function, generates a test, the test passes, and the developer ships it. The problem is that a model testing its own output will tend to test what it believes to be correct about that output. If the model misunderstood the requirement, both the implementation and the test will reflect that misunderstanding consistently.

The Futurum Group observation on this is worth stating plainly: an AI coding tool testing its own code is, functionally, grading its own homework. The test coverage looks fine on paper. The bugs still ship.

The practical fix is to ensure the AI agent responsible for validation is based on a different model from the one that generated the code. Not because one model is better than another, but because independent verification requires independence. Two tools sharing the same underlying LLM don't provide it. This is one of the architectural decisions teams adopting AI testing need to make explicitly, not by default.

SmartBear's integrations with ReadyAPI and Swagger point toward a model where the testing layer is genuinely separate from the generation layer. ReadyAPI is a purpose-built API testing platform. Swagger covers contract definition and validation. Connecting these to Claude Code via MCP means the verification step runs on SmartBear's testing logic, not on the same coding agent that produced the artifact being verified.

What "More Code" Actually Means for Testing

AI-generated code has two characteristics that make traditional testing approaches harder to sustain at the current pace.

First, it's verbose. AI models tend to generate more code than a human would write to accomplish the same task. More code isn't inherently worse code — sometimes it's more explicit about edge cases — but it does mean more surface area to test. Test coverage requirements that were reasonable for a human-authored codebase need to be recalibrated for one where the average PR carries a larger diff.

Second, it's opaque to the developer who ships it. This is the more serious issue. When a developer writes code, they carry context about why the code is structured the way it is. They know which edge cases they considered, which they didn't, and where the logic might be fragile. When an AI generates that code, the developer often lacks that context. They're reviewing output from a system they don't fully understand, under time pressure, at a volume that's grown faster than their review bandwidth.

The result is that even conscientious developers are shipping code they can't fully characterize. This isn't a discipline problem — it's a volume and context problem. Testing automation that's embedded in the workflow is the only realistic way to compensate for it.

"Internal teams share assumptions about how a product should behave. AI-generated code often inherits those assumptions. Blind spots emerge when software meets real-world conditions."

That observation from industry QA discussions captures something important: AI-generated code doesn't just carry bugs, it carries the biases and assumptions of the prompts and models that produced it. A test suite written by the same team, testing against the same assumptions, won't surface those blind spots.

The X Conversation Is Missing the Point

On X, the discourse around AI and testing tends to orbit two poles: "AI will replace QA teams" and "AI-generated tests are useless." Neither position reflects what's actually happening in engineering teams that have thought carefully about this.

The "AI replaces QA" argument fails because testing isn't just test generation. It's deciding what to test, interpreting ambiguous failures, understanding user behavior, and making risk-based judgments about what matters most. None of that is automated away by a tool that writes test_user_can_login(). QA engineers who can work with AI tools productively are more valuable now than they were three years ago, not less. The job changes; it doesn't disappear.

The "AI-generated tests are useless" argument fails because it conflates low-quality AI test generation — which is a real problem with shallow tooling — with the category as a whole. A well-configured test generation system operating on code it has full context about, targeting a specific and well-defined test surface, produces useful tests. The quality ceiling has risen significantly in the last 18 months.

What the X conversation mostly misses is the organizational and architectural question in the middle: how do you structure AI code generation and AI testing so they're genuinely independent, produce coverage that means something, and integrate with the human review and pipeline validation steps that still need to exist?

SmartBear's announcement is relevant to that question in a way that "AI replaces QA" discourse isn't.

The Shift-Left Promise, Revisited

Shift-left testing has been a DevOps goal for most of the last decade. The idea is simple: catch defects earlier in the development cycle, when they're cheaper to fix. The execution has always been harder than the theory, because it requires developers to take on testing work that QA traditionally owned, with tooling that wasn't designed for developer workflows.

AI coding tools have paradoxically made this both more urgent and more achievable.

More urgent because the volume of code entering pipelines has grown faster than dedicated QA capacity can absorb. If pre-pipeline testing doesn't catch more issues than it used to, downstream review becomes a bottleneck that erodes the productivity gains from AI generation. The ROI case for AI coding tools weakens considerably if a meaningful fraction of AI-generated output gets rejected at the pipeline validation stage.

More achievable because AI-assisted test generation can, in principle, do the grunt work of writing tests for code that developers don't want to manually test. The developer writes a feature via an AI coding agent, the testing layer fires automatically, and the developer reviews failures rather than writing tests from scratch. That's a different workflow from "write the code, then write the tests" — and it's more likely to actually happen.

The SmartBear integration takes aim at exactly this workflow. The MCP server for GitHub means the testing layer can be invoked in the same session where code is being reviewed or merged. ReadyAPI and Swagger connectors for Claude Code mean API testing can happen inside the coding environment rather than as a separate step.

Whether this materializes as genuine shift-left adoption or remains a configuration option that most teams don't enable is, honestly, the harder question. Tooling availability has never been the limiting factor for shift-left. Organizational habit and workflow inertia are harder to move.

A Practical Framework for Teams Evaluating AI Testing Integration

For engineering leaders thinking about where to start, the decisions that actually matter aren't about which vendor to use. They're about how to structure the testing layer relative to the generation layer.

  • Separation of concerns — the model or toolchain running validation should not be the same one that generated the code being validated. Configure your AI testing tools explicitly with this in mind.
  • Coverage targets that account for AI verbosity — AI-generated code is typically denser in surface area. Coverage thresholds calibrated for human-authored code will undercount what's needed.
  • Pipeline enforcement, not just developer tooling — in-IDE testing reduces friction, but it doesn't replace pipeline gates. Treat IDE testing as the first line and CI/CD validation as the mandatory gate.
  • Prompt-to-test traceability — for AI-generated features, maintain enough context about the original prompt and specification to write tests against the requirement, not just the implementation. This is the only defense against tests that accurately validate incorrect behavior.
  • Dedicated QA involvement in AI workflow design — QA engineers understand what good coverage looks like. They should be involved in configuring AI testing tools, not handed a tool and asked to validate its output after the fact.

The QAwerk team's review of AI testing tools covers the specific tooling landscape for teams doing this evaluation — it's a useful starting point for understanding what current tools can and can't do before committing to a configuration.

What Comes Next

SmartBear's move is one data point in a larger pattern. Every major testing platform is going to have to answer the same question over the next 12-18 months: how do you remain relevant in a pipeline where AI generates most of the code?

The answer isn't to generate more AI tests. The answer is to become structurally integrated into the agent loop at the point where code is created — to make verification a first-class part of the generation workflow rather than a downstream step that competes with developer time.

The teams that figure out this integration — separation of generation and validation, IDE-level testing that actually gets used, pipeline gates that enforce coverage without blocking velocity — will capture the actual productivity gains that AI coding tools promise. The teams that don't will accumulate verification debt until it becomes a production problem.

Shipping code faster has never been the hard part. Shipping code that works has always been the constraint. AI makes the first part dramatically easier. It doesn't change the second constraint at all.

AI TestingDevOpsSoftware QualityAI Coding ToolsShift-Left Testing
James
Estel

Ready to Scope Your Project?

Start with James — he qualifies your request. If you need a detailed estimate, Estel picks it up from there. Need a human instead? Fill out the form and our specialist will take it from there.

Request a callback