Remember this Quora comment (which also became a meme)?
(Source: Quora)
In the pre-Huge Language Model (LLM) stack overflow era, the challenge was demanding Which code snippets for effective adoption and adaptation. Now that code generation has become a breeze, the greater challenge is to reliably identify and integrate high-quality, enterprise-grade code into production environments.
This article will explore the practical pitfalls and limitations observed when engineers employ up-to-date coding agents in real enterprise work, solving more intricate problems related to integration, scalability, availability, evolving security practices, data privacy, and maintainability in real operational conditions. We hope to counter the noise and provide a more technically grounded view of the capabilities of AI coding agents.
Constrained domain understanding and service limits
AI agents have great difficulty designing scalable systems due to the massive explosion of choices and the critical lack of enterprise-specific context. In tiny, the codebases and monorepos of gigantic enterprises are often too gigantic for agents to learn from directly, and key knowledge can often be fragmented in internal documentation and individual expertise.
More specifically, many popular encoding agents face service limitations that hinder their effectiveness in large-scale environments. Indexing features may fail or degrade for repositories larger than 2,500 files or due to memory constraints. Furthermore, files larger than 500KB are often excluded from indexing/searching, which affects established products with larger code files from decades ago (although newer projects may admittedly encounter this less frequently).
For intricate tasks involving extensive file contexts or refactoring, developers are expected to provide the appropriate files as well as clearly define the refactoring routine and surrounding compilation/command sequences to validate implementation without introducing feature regressions.
No hardware or usage context
AI agents demonstrated a critical lack of awareness regarding OS installation, command line, and environment (conda/venv). This lack can lead to frustrating experiences such as when the agent tries to execute Linux commands in PowerShell, which can consistently result in “unrecognized command” errors. Furthermore, agents often exhibit inconsistent “wait tolerance” when reading command results, prematurely declaring they cannot read the results (and proceeding to retry/skip) before the command has completed, especially on slower computers.
It’s not just about nitpicking characteristics; rather, the devil is in these practical details. These experience gaps manifest as real friction points and require constant human vigilance to monitor agent activity in real time. Otherwise, the agent may ignore information about the initial tool call and either stop prematurely or resort to a half-baked solution requiring undoing some/all changes, re-running prompts, and wasting tokens. Submitting a prompt on a Friday evening and expecting a code update to occur when you check in on Monday morning is not guaranteed.
No more hallucinations repeated actions
Working with AI coding agents often creates a long-term challenge in the form of hallucinations or incorrect or incomplete pieces of information (such as diminutive pieces of code) within a larger set of changes that are expected to be fixed by the programmer with negligible or little effort. However, inappropriate behavior becomes particularly problematic repeated within a single thread, forcing users to start a novel thread and re-enter the entire context, or manually intervene to “unlock” the agent.
For example, while configuring code for a Python function, an agent tasked with implementing intricate production-ready changes encountered a file (see below) containing special characters (brackets, dot, asterisk). These characters are very popular in computer science software versions.
(Image created manually using standard code. Source: Microsoft Find out AND Edit the application host file (host.json) in the Azure portal)
The agent incorrectly flagged this value as unsafe or harmful, halting the entire generation process. This adversarial attack misidentification occurred 4 to 5 times despite various prompts to attempt a restart or continue modifications. This version format is actually the schema present in the Python HTTP trigger code template. The only workaround that worked was to instruct the agent to do so NO read the file and instead ask it for the desired configuration and make sure the developer manually adds it to that file, confirm and ask it to proceed with the rest of the code changes.
The inability to exit the output loop of a repeatedly faulty agent in the same thread highlights a practical limitation that significantly wastes programming time. Essentially, developers now spend time debugging/improving AI-generated code rather than Stack Overflow or their own code snippets.
Lack of enterprise-level coding practices
Security best practices: Coding agents often default to less secure authentication methods, such as key-based authentication (client secret keys), rather than up-to-date identity-based solutions (such as Entra ID or federated credentials). This oversight can introduce significant security vulnerabilities and enhance maintenance costs because key management and rotation are intricate tasks that are increasingly narrow in enterprise environments.
Obsolete SDKs and reinventing the wheel: Agents may not always employ the latest SDK methods, instead generating more detailed and more arduous to maintain implementations. Using the Azure Functions example, agents generated code using the existing SDK v1 for read/write operations, rather than the much cleaner and more maintainable SDK v2 code. Developers must study the latest best practices on the web to have a mental map of dependencies and expected implementation that will ensure long-term maintainability and reduce upcoming technology migration efforts.
Constrained intent recognition and repetitive code: Even for smaller scope modular tasks (which are typically encouraged to minimize hallucinations or debugging downtime), such as extending an existing function definition, agents can follow instructions literally and create a logic that turns out to be almost repeatable, without anticipating the coming or incoherent developer’s needs. This means that for these modular tasks, the agent may not automatically identify and refactor similar logic in common functions or improve class definitions, leading to technical debt and more arduous to manage code bases, especially in the case of vibration coding or idle developers.
Simply put, those viral YouTube videos showing rapid, zero-to-one application development in one sentence simply don’t capture the nuances of the challenges facing production-grade software, where security, scalability, maintainability, and future-proof design architectures are paramount.
Confirmation bias compensation
Confirmation bias is a sedate problem because LLMs often confirm the user’s assumptions, even when the user expresses doubt and asks the agent to clarify his understanding or suggest alternative ideas. This tendency for models to adapt to what they think the user wants to hear leads to lower overall quality of results, especially for more objective/technical tasks such as coding.
Is extensive literature suggest that if a model starts with a statement like “You’re absolutely right!”, the remaining output tokens tend to justify that statement.
Constant need for child care
Despite the allure of autonomous coding, the reality of AI agents in enterprise development often requires constant human vigilance. Cases such as an agent attempting to execute Linux commands in PowerShell, false positive security flags, or introducing inaccuracies for domain-specific reasons highlight critical vulnerabilities; developers just can’t let go. Instead, they must constantly monitor their reasoning process and understand multi-file code additions to avoid wasting time on destitute answers.
The worst possible experience with agents is for a developer to accept multi-file code updates full of bugs and then waste time debugging because of how “beautiful” the code looks. It may even cause this sunk cost fallacy hoping that the code will work after just a few tweaks, especially when the updates involve multiple files in a intricate/unknown codebase with connections to multiple independent services.
It’s like working with a 10-year-old genius who has memorized extensive knowledge and even takes every user’s intent into account, but chooses showing off that knowledge over solving the real problem and lacks the foresight required to succeed in real-world employ cases.
This “babysitting” requirement, combined with the frustrating repetition of hallucinations, means that time spent debugging AI-generated code can dwarf the time savings expected from using the agent. Needless to say, developers in gigantic enterprises need to very consciously and strategically navigate up-to-date agent tools and employ cases.
Application
There is no doubt that AI coding agents have proven to be nothing tiny of revolutionary, accelerating prototyping, automating standard coding, and changing the way developers build. The real challenge these days isn’t generating code, it’s knowing what to ship, how to secure it, and where to scale it. Sharp teams learn to filter out the noise, employ agents strategically, and double down on engineer ratings.
As CEO of GitHub Recently noticed by Thomas Dohmke: The most advanced developers have “moved from writing code to designing and verifying implementation efforts led by AI agents.” In the agentic era, success does not belong to those who can tell code, but to those who can construct lasting systems.
Rahul Raja is a software engineer at LinkedIn.
Advitya Gemawat is a machine learning (ML) engineer at Microsoft.
Editor’s note: The opinions expressed in this article are the personal opinions of the authors and do not reflect the opinions of their employers.