Software has become the engine of modern business. It processes payments, serves customers, runs supply chains and powers everything from banking apps to transport networks. When that software fails, revenue stops, operations stall and customer trust evaporates.
Yet as organisations race to embrace AI-powered software development, many are discovering that while software can now be created faster than ever, ensuring it actually works is a growing challenge. In fact, AI is creating a new and largely overlooked risk: software being generated faster than organisations can properly test and govern it.
“We’re seeing error rates that are 40 to 50% higher in code written by AI compared to code written by humans,” says Kevin Thompson, CEO of Tricentis. One reason is that AI only has the context provided by its user – and people inevitably leave things out. “If the code that’s being written is written without complete context, by definition there will be problems with it that you’re going to have to find,” he says.
The mistake too many CIOs have made is transforming the development process and leaving the quality process right where it was
The result is a growing paradox: AI is helping organisations generate more software than ever, but software quality is deteriorating. That undermines many of the efficiency and cost benefits organisations hope to achieve through AI-assisted development. At the same time, testing and validation processes are becoming increasingly fragmented as teams struggle to manage soaring code volumes, expanding AI toolsets and pressure to release faster.
“The mistake too many CIOs have made is transforming the development process and leaving the quality process right where it was,” says Thompson.
Tricentis’ second annual Quality Transformation Report, based on a survey of more than 2,500 senior leaders and software developers, suggests many organisations are losing confidence in their ability to maintain software quality. Only 37% of respondents say they are very confident their current testing strategy addresses the most critical risks to software quality and business performance.
Six in ten organisations are also deploying untested code. While accidental quality lapses were a major factor last year, respondents now report that development teams are knowingly pushing untested code into production because of leadership pressure to accelerate delivery and the sheer volume of code requiring validation.
A board-level concern
The consequences can be severe. Security breaches, compliance failures, mounting technical debt, rising rework costs, loss of customer trust and stalled transformation programmes can all stem from defects that escape testing. Almost half of organisations report annual losses of between $500,000 and $1m as a result of poor software quality, while one in five loses up to $5m.
Software quality is no longer simply a technical issue; it is a business risk that demands board-level attention.
“There’s really three issues for boards [to consider],” says Thompson. First, whether poor-quality software is undermining revenue growth while increasing operational costs. Second, whether inadequately tested code is introducing security vulnerabilities. And third, whether the organisation can move with the speed and quality required to remain competitive.
The rise of software quality as a boardroom issue mirrors the evolution of cybersecurity. For years, cyber security was largely viewed as an IT responsibility, rarely discussed at board level. That changed as breaches became more frequent and costly, bringing financial losses, regulatory penalties and reputational damage. Boards responded by creating dedicated oversight structures and incorporating cyber risk into broader enterprise risk management.
AI-driven software development is creating similar concerns. As more code reaches production at greater speed, the potential impact of quality failures increases accordingly.
“A lot of boards are now establishing technology committees to oversee what’s going on in their internal technology,” says Thompson. Their role is to ensure organisations understand how their software is being developed, where AI is being used and how the associated risks are evolving.
Assessing the risks
Boards should not assume these risks are confined to commercial software purchased from vendors. Much of the most business-critical code is written internally.
“Seventy per cent of the applications run internally by the average corporate enterprise are not packaged apps sold by companies like ours,” says Thompson. “They’re applications they wrote for themselves.” These may not be large-scale ERP platforms, but they often support critical processes – and when they fail, business operations can grind to a halt.
Another challenge is a growing disconnect between executive optimism about AI and operational reality. More than four in five CEOs report high confidence in AI-driven systems and tools, compared with just over half of QA and DevOps professionals. Similarly, 44% of C-suite executives believe their organisation is very prepared to operationalise, govern and scale AI agents across the software development lifecycle (SDLC), compared with just 23% of QA and DevOps professionals.
The same divide appears in perceptions of software quality. While 93% of C-level respondents are confident their testing strategies address the most critical risk areas, 30% of QA and DevOps leaders remain uncertain or openly sceptical about the effectiveness of existing testing approaches.
Regardless of these differing perspectives, simply hiring more people is unlikely to solve the problem.
“There’s not enough qualified QA people in the world to keep up with the rate of code that we are writing and putting into production right now,” says Thompson. Even if there were, many organisations would struggle to justify the cost or wait through lengthy onboarding and training cycles.
The agentic solution
Instead, organisations are increasingly turning to AI itself to strengthen quality assurance. Many are already reporting gains in areas such as risk detection, testing accuracy and automation coverage. As AI reshapes software development, it is becoming clear that quality assurance must evolve alongside it.
Tricentis positions its AI Workspace as a control plane for agentic quality engineering, enabling organisations to orchestrate AI agents, workflows and human oversight across the SDLC. The goal is to make quality assurance continuous while ensuring teams retain control over critical decisions.
Human approval gates and full visibility into AI-generated outputs remain central to the model. Agents handle much of the execution work, while people intervene where judgement and accountability matter most.
According to Thompson, Tricentis’ agents have achieved more than 95% accuracy on AI-generated tests, while reducing test creation and maintenance time by as much as 97%.
“You can talk to our AI and say, ‘here’s what I need to test and here’s how I think the test needs to be designed’, and we’ll write the test for you,” he says.
By combining AI-driven development with properly governed AI-driven quality assurance, organisations can capture the speed and productivity benefits of automation without increasing business risk. As Thompson argues, the promise of AI will not be realised through faster software development alone. It will depend equally on how effectively organisations manage quality, risk and cost as AI becomes embedded across the software lifecycle.
For boards, the implication is clear: software quality can no longer be treated as an IT issue. In an AI-driven world, it is a strategic business priority.
Three ways boards can reduce software quality risk
As AI accelerates software development, boards need to ensure quality keeps pace. Kevin Thompson, CEO of Tricentis, outlines three priorities for business leaders.
“Software quality used to sit in the middle or at the end of the development process. Teams would write applications and implement code, and only then think about quality.
“But quality has got to move to the front of the process. If you don’t redesign your approach to quality, you’re never going to realise the full value AI is capable of delivering to the enterprise. Instead, organisations will find themselves dealing with the consequences of unmanaged risk. As AI enables more software to be created at greater speed, quality can no longer be treated as an afterthought.”
“As organisations automate more of the quality process, they also need to rethink how they work with consulting and service providers.
“Traditional delivery models have often relied on large teams of people carrying out manual work. But AI changes that equation. Humans remain essential, particularly when it comes to oversight, judgement and governance, but they shouldn’t be responsible for every task. Organisations need partners that embrace AI-driven approaches to quality, rather than simply replicating old ways of working with new tools.”
“Boards need to make sure the organisation has a clear understanding of risk. That means knowing what has changed within an application, understanding the impact of those changes across the wider environment, and identifying where the greatest risks lie.
“Don’t just test everything. Test the things that matter most. The organisations that succeed will be those that focus their testing efforts where they will have the greatest impact on business performance, security and resilience.”
To explore how organisations can close the widening gap between software delivery speed and confidence to protect revenue, resilience and customer trust, download Tricentis’ Quality Transformation Report here.
Software has become the engine of modern business. It processes payments, serves customers, runs supply chains and powers everything from banking apps to transport networks. When that software fails, revenue stops, operations stall and customer trust evaporates.
Yet as organisations race to embrace AI-powered software development, many are discovering that while software can now be created faster than ever, ensuring it actually works is a growing challenge. In fact, AI is creating a new and largely overlooked risk: software being generated faster than organisations can properly test and govern it.
“We’re seeing error rates that are 40 to 50% higher in code written by AI compared to code written by humans,” says Kevin Thompson, CEO of Tricentis. One reason is that AI only has the context provided by its user – and people inevitably leave things out. “If the code that's being written is written without complete context, by definition there will be problems with it that you’re going to have to find,” he says.
