← Back to brief
ResearchOfficialPreprintarXiv Software Engineering

Agentic Code Requires More Post-Merge Maintenance and Introduces More Vulnerabilities

Jul 14, 2026

A longitudinal study of 182 repositories finds that while agentic and human code contributions have similar overall maintenance rates, agentic code requires significantly more corrective maintenance and introduces more security weaknesses and dependency vulnerabilities. The study also finds that a 10 percentage-point increase in a project's no-review rate is associated with a 6% increase in agentic maintenance burden.

Why it matters: As AI coding agents become more common, this research shows that merge success is not enough; agentic tools must be designed to produce code that remains secure and maintainable over time.

Full story at: arXiv Software Engineering