When coding agents become gatekeepers

The danger Uncle Bob warned us about, but different

It’s not about losing your job

Perhaps this has already been discussed somewhere. However, I came to this line of thinking while talking to a friend of mine about what the future might look like. And frankly, the conclusion unsettled me.

Let me walk you through it.

The present

Software developers have become insanely more productive thanks to the rise of LLM-based coding agents (I will not call it AI). I will refer to software built using these coding agents as synthesized software. This makes it easier to distinguish further on.

Are these coding agents perfect? No. But what they are awesome at is the boring stuff. The standard code on which every enterprise project depends: the usage of frameworks, the definition of data classes, the retrieval and storage of data in the database, and so on. Every developer has to write this code, but really, none of them wants to. It is boring, repetitive and mostly brainless.

A developer wants to focus on the interesting 20% of the code base. Now, he can. He tells the coding agent to spit out the framework boilerplate of the 80% and in the mean time focuses on what actually needs solving.

Companies will have no choice but to adopt coding agents. Because their competitors surely will. And thus grows a dependency on the providers of these coding agents and the providers of the foundational models (not necessarily the same party).

So far, you can draw a parallel to the rise of cloud computing in 2008. Companies didn’t want to move to the cloud. They had to.

But wait, there is more

Have you ever heard of Uncle Bob Martin’s “Scribe’s Oath”?

What he states is the following: we developers live in the wild west. Sooner or later people will get hurt by someone’s poorly written and unethical code. And unless we make sure we become more professional by implementing some sort of self-regulation, the government will step in to regulate it for us. There are plenty of examples of such cases in other industries.

Now, back to the present: every company and their mother is generating code with coding agents. This means two things:

1. There is a higher chance there will be code in production that has never been seen by a human.

2. Most of the code is actually created by a small number of companies.

So there is much more uncertainty about the quality of code, while the origin of that code has become much more centralized.

Think about that for a moment.

The incident

Let’s say in the not-so-distant future something goes really wrong.

Some big software company pushes out an update and a hospital goes down. People die. This company happens to be — just like all other companies still in business — using coding agents to build their software.

This is the moment where governments can and will step in. Either from good intentions or lobbied by the big AI companies. They will demand the following:

• That coding agents and LLMs are required by law to implement strict quality checks and workflows.

• That coding agents are required to be certified.

• That coding agents are required to insert an identifier into the software, indicating how it was built: which coding agent, which LLM, which license and license ID.

Sounds somewhat reasonable.

The slippery slope

Now, some time passes. A year or so. And those quality checks? They turn out to be quite solid. Much better than expected. Thanks to these checks software synthesized using the agents have a far lower bug-ratio than non-synthesized software.

The government then decides: from now on, we no longer allow software in critical systems that wasn’t built using a certified coding agent. For the common good, of course.

This effectively shuts out any application that was not synthesized via a government-approved agent.

And what would the next step be? Making it illegal to publish any non-synthesized application. Why trust manually coded applications at all? Who knows what viruses people want to spread? Or what crimes they wish to commit? How much easier would it be to enforce the Digital Services Act if all software has a certified origin?

Each step sounds reasonable in isolation. Each step makes the next one feel inevitable.

And before you know it, a handful of companies who control the certified agents have become the gatekeepers of all software development. Not because they took your job. Because they took your right to code without their permission.

That is an angle I feel nobody is talking about.