2025-12-09

Kiro Can Code for Days. Your Codebase Will Pay for Years.

Kiro cover

Amazon just announced Kiro, an autonomous coding agent that can “independently figure out how to get work done” for multiple days without human intervention. AWS CEO Matt Garman proudly stated that “you simply assign a complex task from the backlog and it independently figures out how to get that work done.”

Sounds amazing, right? A tireless developer that works through the night, never complains, never needs coffee breaks, and ships code while you sleep.

Here’s the problem: I’ve spent over 15 years as a software engineer and consultant, and I’ve seen this movie before. The prototype that “just works” becomes the foundation everyone has to build on for the next five years. Except now, instead of a junior developer cutting corners to meet a deadline, it’s an AI system doing it at scale, unsupervised, for days at a time.

This isn’t a story about AI being bad. I use Claude Code daily and I built Atomic Agents specifically because I believe AI can be incredibly useful when applied correctly. This is a story about expectations, and what happens when they’re dangerously misaligned with reality.

The Demo-to-Production Gap Is a Chasm

Let’s start with the uncomfortable truth the marketing materials won’t tell you.

Kiro productivity

A METR study from July 2025 ran a randomized controlled trial with experienced open-source developers. Half used AI tools, half didn’t. The result: developers using AI were 19% slower. But here’s the kicker: they believed they were 20% faster. The productivity gain was a complete illusion.

The 2025 Stack Overflow Developer Survey found that only 16.3% of developers said AI made them more productive “to a great extent.” The largest group, 41.4%, said it had little or no effect.

And trust is cratering. Developer trust in AI output accuracy dropped from 43% in 2024 to 33% in 2025. People are waking up.

But the most damning number is this: 16 of 18 CTOs surveyed report production disasters from AI-generated code, including security vulnerabilities, performance problems, and unmaintainable code. That’s not a bug. It’s a pattern.

The Salesmen Are Really, Really Good

I get it. The demos are impressive. Devin showed an AI completing an Upwork task end-to-end. Kiro promises days of autonomous coding. The pitch decks are slick, the conference talks are polished, and the cherry-picked examples work flawlessly.

But then someone actually looked under the hood.

A detailed video analysis of Devin’s famous demo exposed multiple problems: the AI created its own bugs and then “fixed” them (conveniently omitted from the demo), edited files that didn’t exist in the actual repository, and demonstrated poor coding practices like writing low-level file loops instead of using standard libraries. The timestamps revealed a task that looked quick in the video actually stretched over many hours into the next day.

Did any of this stop Cognition from raising $20 million from Peter Thiel? Of course not.

This is the environment we’re in. Good salesmen with cherry-picked demos that look incredible in a meeting room but fall apart in production. As one analysis put it: “The system that looked smart in a five-minute demo looks lost when exposed to the chaos of production.”

The Prototype Problem, Supercharged

Here’s what keeps me up at night.

In my 15+ years of consulting, I’ve seen the same pattern repeat endlessly: a “quick prototype” gets built to demonstrate feasibility. Management loves it. Stakeholders get excited. And then, instead of treating it as what it is (a throwaway proof of concept), it becomes the foundation for everything that follows.

This has always been a problem with human developers. But at least with humans, you could argue, negotiate, push back. “This needs to be rewritten before we build on it.” Sometimes you’d win that argument.

With AI coding agents promising to work for days autonomously, you’re not getting a quick prototype. You’re getting an elaborate, sprawling codebase that looks complete. It runs. It passes the basic tests. Management sees a finished product.

But what’s actually in there?

  • Inconsistent architecture choices made at hour 3 that contradict decisions made at hour 47
  • Reinventing the wheel because the AI doesn’t know (or doesn’t remember) that the project already has a utility for that
  • Spaghetti dependencies that seemed logical in isolation but create nightmares when you need to change anything
  • Security vulnerabilities that a human reviewer would catch but the AI blissfully ignores

Research backs this up. AI-generated code shows 322% more privilege escalation paths and 153% more design flaws compared to human-written code. And 40% of AI-generated code contains vulnerabilities.

When that AI-built “prototype” becomes your production system, you’re not saving development time. You’re borrowing it at predatory interest rates.

The Uncomfortable Question: Who’s Really Benefiting?

Let me be blunt: the people most excited about autonomous coding agents are rarely the ones who’ll have to maintain the code.

Managers see reduced headcount. Executives see faster delivery timelines. Sales teams see impressive demos to show clients.

Developers see a ticking time bomb.

And when that bomb goes off (18 months later, when the codebase is unmaintainable and the technical debt has compounded into a crisis), who catches the blame? Not the AI vendor. They’re long gone, having moved on to the next funding round. Not the manager who pushed the “prototype” into production. They’ve been promoted based on those impressive delivery metrics.

It’s the developers. The ones left holding the bag, trying to untangle years of accumulated architectural decisions made by a system that had no concept of long-term maintainability.

Klarna learned this the hard way. They reduced their workforce by 22% in 2024 ahead of the AI revolution. Then, in May 2025, they announced a “recruitment drive” to bring workers back. Turns out the AI couldn’t actually do what the demos promised.

The Path Forward: Guardrails, Not Guardrails Optional

I’m not saying don’t use AI for coding. I use it constantly. But the key word is use, not trust blindly.

If you’re going to bring tools like Kiro or any autonomous coding agent into your workflow, you need to treat their output the way you’d treat code from an enthusiastic but inexperienced developer: with structured oversight.

The Lieutenant-Dictator Model

The Linux kernel has managed contributions from thousands of developers for decades using the Dictator and Lieutenants workflow. The principle is simple: multiple lieutenants review and approve, but a dictator (the project lead) makes the final call on what gets merged.

Adapt this for AI:

  1. AI as one lieutenant: The AI generates code or reviews
  2. Human as second lieutenant: A developer reviews in parallel
  3. Senior developer as dictator: The tech lead or a senior engineer makes the final merge decision

No AI-generated code ships without human sign-off. Period.

Treat AI Output as Draft Code

This means:

  • Never merge directly from an AI coding session
  • Require architectural review for anything touching core systems
  • Run security scans (AI-assisted commits get merged 4x faster, often bypassing proper review, with 2.5x higher rates of critical vulnerabilities)
  • Document the “why” behind architectural decisions, because the AI won’t

Only 3.8% of developers report both low hallucination rates and high confidence shipping AI code without human review. That means over 96% know they can’t trust it blindly. Act accordingly.

Demand Real Metrics, Not Demos

Before your organization adopts any autonomous coding tool, ask for:

  1. Production failure rates, not demo success rates
  2. Long-term maintenance costs from existing customers (not just initial development speed)
  3. Security audit results on AI-generated codebases
  4. Developer satisfaction surveys from teams that have used it for 6+ months

If the vendor can only show you cherry-picked demos and refuses to provide real-world metrics, that tells you everything you need to know.

The METR study surprised everyone, including the researchers. The gap between perceived productivity (+20%) and actual productivity (-19%) was a 39-percentage-point chasm. That’s not a rounding error. That’s a mass delusion fueled by impressive demos and marketing budgets.

Conclusion

Kiro might be genuinely useful for rapid prototyping, exploring ideas, or generating boilerplate that a human will heavily review and refactor. That’s legitimate value.

But “coding autonomously for days” isn’t a feature. It’s a warning.

The best AI implementation is one where humans remain in control: setting architecture, reviewing decisions, catching the mistakes that only experience can spot. When you remove that oversight, you’re not accelerating development. You’re accelerating the accumulation of technical debt.

So yes, use the new tools. Experiment with autonomous agents. See what they can do.

Just don’t let anyone convince you that a system running unsupervised for 48 hours is going to produce code you’d be proud to maintain for the next five years.

Because you will be maintaining it. And when the bill comes due, the salesmen will be long gone.

Want your team to actually get ROI from AI coding tools instead of accumulating technical debt? I run workshops for both management and development teams on implementing AI-assisted development the right way: with proper guardrails, realistic expectations, and workflows that deliver measurable results. No snake oil. No cherry-picked demos. Just practical strategies that work in production.

Want this kind of analysis in your inbox once a month?

Subscribe