π€ AI Summary
This study addresses a critical gap in the literature by systematically evaluating the post-merge stability and maintenance demands of code generated by intelligent coding agents, an aspect largely overlooked by prior work that focuses primarily on pre-merge performance. Through longitudinal empirical analysis of 182 open-source repositories, the authors track the evolutionary trajectories of code contributions from both AI agents and human developers, integrating large-scale code mining, change intent classification, defect and security vulnerability detection, and statistical modeling. Their findings reveal that while AI-generated code achieves merge rates comparable to human-authored code, it incurs significantly higher corrective maintenance rates and introduces more security and dependency-related vulnerabilities. Moreover, a 10% increase in a projectβs unreviewed contribution rate correlates with an average 6% rise in maintenance burden, underscoring the moderating role of project governance mechanisms in mitigating the elevated maintenance costs and security risks associated with AI-generated code.
π Abstract
Agentic coding tools are increasingly used to make autonomous repository-level changes to real-world projects. Prior work has largely evaluated these contributions at the pre-merge stage, through outcomes such as pull request acceptance and review effort. Far less is known about what happens to agentic code post-merge. Yet merge success alone does not reveal whether a contribution will remain stable or require bug fixes and other corrective maintenance downstream. We conduct a longitudinal empirical analysis of agentic and human contributions across 182 repositories, tracking their post-merge fate over time, characterizing the intent of subsequent modifications, and analyzing the defects and vulnerabilities they introduce. While the overall maintenance rates are similar, agentic contributions require significantly higher rates of corrective maintenance and introduce more security weaknesses and dependency vulnerabilities. We also find statistically significant evidence that agentic maintenance burden is associated with repository characteristics. In particular, each 10 percentage-point increase in a project's no-review rate is associated with roughly a 6% increase in agentic maintenance burden on average. As coding agents become pervasive in software development, our findings highlight the need to evaluate and design agentic tools not only to produce mergeable changes, but to produce contributions that remain secure and maintainable.