Is there a pilot in the cockpit? - The risks of AI in the loose

Claude Berube

March 8, 2026

Is there a pilot in the cockpit? - The risks of AI in the loose

Why is it called a "Copilot"?

The name Copilot isn't just a brand; it's a functional philosophy. In aviation, the copilot handles navigation, monitors systems, and executes checklists so the Pilot-in-Command can focus on the mission. In software, AI acts as this digital aviator. It helps you navigate the syntax, but you are the one responsible for the destination. If humans stop paying attention, we're not flying; we're passengers in a machine we no longer control.

The Benefits and Hurdles: Navigating the New Sky

AI-assisted automation has transformed the developer's workstation into a high-tech flight deck.

The Mach Speed Benefit: In controlled studies on scoped tasks, developers using AI tools have reported task completion speeds up to 55% faster. It shifts the role from "manual typing" to "strategic orchestration."
The Semantic Hurdle: AI code can be syntactically perfect but logically "hallucinated." If the pilot isn't monitoring the instruments, the AI might lead the project into a "Black Box" scenario, creating a system that works today but is impossible for a human to debug tomorrow.

Major Pain Points AI Can Help Address

AI can reduce repetitive workload and improve delivery speed when paired with strong context, good data, and human oversight:

Legacy Modernization: AI can help with code translation, dependency mapping, and documentation of aging systems. In practice, generated migrations still need domain-expert validation for business rules, integration boundaries, and non-functional requirements.
Automated Testing: AI can generate test scaffolds quickly, especially for common paths and input variations. Coverage can still miss edge cases, race conditions, and implicit assumptions, so independent review and targeted manual tests remain essential.
Knowledge Transfer: AI can accelerate onboarding by summarizing code and surfacing patterns. To keep that knowledge reliable, teams still need senior review and durable documentation for historical decisions, tacit constraints, and production context.

The "Silent" Risks: Security and Fuel

Relying on your Copilot without careful judgment introduces the following hidden risks:

The Confidence Gap: Industry reports have found security vulnerabilities in a substantial share of AI-generated snippets (around 45% in some datasets). Paradoxically, developers often feel more confident in AI output even when it is objectively less secure.
Increased Technical Debt: AI can accelerate delivery, but it can also multiply short-term decisions like duplicated logic, weak abstractions, and inconsistent patterns. When these shortcuts accumulate across features, teams spend more time fixing regressions and refactoring brittle code instead of delivering new value.

This field note shows why governance and validation must be built into AI-assisted delivery from the start.

Agentic Collibra Workflow Automation

Goal: Accelerate Collibra workflow delivery with a Copilot-style multi-agent workflow.

Issue:

Major hallucinations appeared, including invalid API assumptions.
Some generated Groovy constructs causes XML build and parser issues.
Workflow format support was limited and did not match claimed standards.
Organization-specific workflow coding best practices were informal and inconsistent.

Solution: Build a Copilot-guided multi-agent pipeline to generate, import, validate, and maintain Collibra workflows.

Takeaway:

Accuracy improved after grounding agents with a focused knowledge base based on codebase analysis.
AI agents allowed testing and documentation workflows that were previously non-existent.
A trained design agent can add new features more consistently within established patterns.
Importer and scaffolder agents worked together to improve workflow import to a 100% reliability.

Counter-Strategies: The Pilot's Duty to Optimize

To keep the software stable, the developer must move from a passive passenger to an active supervisor using these manual overrides:

Security-First Prompting: Define safety guardrails in your instructions. Specify input validation and rate-limiting to force the AI to produce "hardened" code from the start.
Algorithmic Auditing: AI prioritizes "functional" over "efficient." The pilot must explicitly review algorithmic complexity and practical runtime behavior for the use case to reduce the "fuel" (energy) consumption of the application.
Zero-Trust Review: Never automatically trust code generated by AI. Treat every suggestion as a first draft that must be reviewed by a developer. Also use automated security tools such as SAST and dependency analysis tools like SCA to detect vulnerabilities or risky libraries before integrating the code into the project.
Human-in-the-Loop Gates: Require explicit human approval at critical control points such as architecture decisions, security-sensitive changes, and production deployments. This keeps accountability with the team and prevents high-impact errors from shipping unchecked.
Context-Rich Prompts: Give the model system-specific constraints, domain rules, and repository conventions before generation. Better context reduces logic drift, misconfigurations, and inconsistent naming.
Policy-as-Code Enforcement: Use CI-enforced formatting, linting, and architecture rules so style, readability, and baseline quality checks are automatic instead of reviewer-dependent.
Correctness Safety Rails: Require tests for non-trivial control flow, explicit null and type checks, and standardized exception handling to catch the failure modes that AI frequently misses.
AI-Aware PR Checklists: Add review prompts for error paths, concurrency, dependency correctness, config validation, and secret handling. This focuses reviews where AI-generated changes are most likely to fail.

Conclusion

AI coding is not a panacea; if not handled diligently, it can create a new layer of obscurity and increase maintainability risks over time. Teams can accumulate "epistemic debt," where system behavior becomes harder to explain, troubleshoot, and safely evolve.

On the other hand, it can help greatly in fighting obscurity, providing analysis tools and the skills required for better software engineering. The technology is accelerating, and the flight path is complex, but as long as there is still a pilot in the cockpit, we can reach the destination safely.

References

Quantumrun Foresight. (2026, January 9). GitHub Copilot statistics 2026.
Bandarupalli, G. (2025, April 15). AI-driven legacy systems modernization from COBOL to Java.
Veracode. (2025, July 30). Insights from 2025 GenAI code security report.

Interested in learning more? Contact us to see how we can help you implement safer AI-assisted engineering practices in your organization.