Remember this Quora comment (which also became a meme)?
(Source: Quora)
In the pre-Large Language Model (LLM) stack overflow era, the challenge was demanding Which code snippets for effective adoption and adaptation. Now that code generation has change into a breeze, the greater challenge is to reliably discover and integrate high-quality, enterprise-grade code into production environments.
This article will explore the practical pitfalls and limitations observed when engineers use modern coding agents in real enterprise work, solving more complex problems related to integration, scalability, availability, evolving security practices, data privacy, and maintainability in real operational conditions. We hope to counter the noise and provide a more technically grounded view of the capabilities of AI coding agents.
Limited domain understanding and service limits
AI agents have great difficulty designing scalable systems on account of the massive explosion of decisions and the critical lack of enterprise-specific context. In short, the codebases and monorepos of large enterprises are often too large for agents to learn from directly, and key knowledge can often be fragmented in internal documentation and individual expertise.
More specifically, many popular encoding agents face service limitations that hinder their effectiveness in large-scale environments. Indexing features may fail or degrade for repositories larger than 2,500 files or on account of memory constraints. Furthermore, files larger than 500KB are often excluded from indexing/searching, which affects established products with larger code files from a long time ago (although newer projects may admittedly encounter this less ceaselessly).
For complex tasks involving extensive file contexts or refactoring, developers are expected to offer the appropriate files in addition to clearly define the refactoring routine and surrounding compilation/command sequences to validate implementation without introducing feature regressions.
No hardware or usage context
AI agents demonstrated a critical lack of awareness regarding OS installation, command line, and environment (conda/venv). This lack can result in frustrating experiences akin to when the agent tries to execute Linux commands in PowerShell, which might consistently result in “unrecognized command” errors. Furthermore, agents often exhibit inconsistent “wait tolerance” when reading command results, prematurely declaring they can not read the results (and proceeding to retry/skip) before the command has accomplished, especially on slower computers.
It’s not only about nitpicking characteristics; fairly, the devil is in these practical details. These experience gaps manifest as real friction points and require constant human vigilance to observe agent activity in real time. Otherwise, the agent may ignore information about the initial tool call and either stop prematurely or resort to a half-baked solution requiring undoing some/all changes, re-running prompts, and wasting tokens. Submitting a prompt on a Friday evening and expecting a code update to occur when you check in on Monday morning is not guaranteed.
No more hallucinations repeated actions
Working with AI coding agents often creates a long-term challenge in the form of hallucinations or incorrect or incomplete pieces of information (akin to small pieces of code) inside a larger set of changes that are expected to be fixed by the programmer with trivial or little effort. However, inappropriate behavior becomes particularly problematic repeated inside a single thread, forcing users to start out a recent thread and re-enter the entire context, or manually intervene to “unlock” the agent.
For example, while configuring code for a Python function, an agent tasked with implementing complex production-ready changes encountered a file (see below) containing special characters (brackets, dot, asterisk). These characters are very fashionable in computer science software versions.
(Image created manually using standard code. Source: Microsoft Find out AND Edit the application host file (host.json) in the Azure portal)
The agent incorrectly flagged this value as unsafe or harmful, halting the entire generation process. This adversarial attack misidentification occurred 4 to five times despite various prompts to try a restart or proceed modifications. This version format is actually the schema present in the Python HTTP trigger code template. The only workaround that worked was to instruct the agent to do so NO read the file and as an alternative ask it for the desired configuration and make sure the developer manually adds it to that file, confirm and ask it to proceed with the rest of the code changes.
The inability to exit the output loop of a repeatedly faulty agent in the same thread highlights a practical limitation that significantly wastes programming time. Essentially, developers now spend time debugging/improving AI-generated code fairly than Stack Overflow or their very own code snippets.
Lack of enterprise-level coding practices
Security best practices: Coding agents often default to less secure authentication methods, akin to key-based authentication (client secret keys), fairly than modern identity-based solutions (akin to Entra ID or federated credentials). This oversight can introduce significant security vulnerabilities and increase maintenance costs because key management and rotation are complex tasks that are increasingly limited in enterprise environments.
Obsolete SDKs and reinventing the wheel: Agents may not all the time use the latest SDK methods, as an alternative generating more detailed and tougher to take care of implementations. Using the Azure Functions example, agents generated code using the existing SDK v1 for read/write operations, fairly than the much cleaner and more maintainable SDK v2 code. Developers need to review the latest best practices on the web to have a mental map of dependencies and expected implementation that can ensure long-term maintainability and reduce upcoming technology migration efforts.
Limited intent recognition and repetitive code: Even for smaller scope modular tasks (which are typically encouraged to attenuate hallucinations or debugging downtime), akin to extending an existing function definition, agents can follow instructions literally and create a logic that seems to be almost repeatable, without anticipating the coming or inarticulate developer’s needs. This implies that for these modular tasks, the agent may not routinely discover and refactor similar logic in common functions or improve class definitions, resulting in technical debt and tougher to administer code bases, especially in the case of vibration coding or lazy developers.
Simply put, those viral YouTube videos showing rapid, zero-to-one application development in one sentence simply don’t capture the nuances of the challenges facing production-grade software, where security, scalability, maintainability, and future-proof design architectures are paramount.
Confirmation bias compensation
Confirmation bias is a major problem because LLMs often confirm the user’s assumptions, even when the user expresses doubt and asks the agent to make clear his understanding or suggest alternative ideas. This tendency for models to adapt to what they think the user wants to listen to results in lower overall quality of results, especially for more objective/technical tasks akin to coding.
Is extensive literature suggest that if a model starts with a statement like “You’re absolutely right!”, the remaining output tokens are inclined to justify that statement.
Constant need for child care
Despite the allure of autonomous coding, the reality of AI agents in enterprise development often requires constant human vigilance. Cases akin to an agent attempting to execute Linux commands in PowerShell, false positive security flags, or introducing inaccuracies for domain-specific reasons highlight critical vulnerabilities; developers just cannot let go. Instead, they need to continuously monitor their reasoning process and understand multi-file code additions to avoid wasting time on poor answers.
The worst possible experience with agents is for a developer to simply accept multi-file code updates full of bugs and then waste time debugging because of how “beautiful” the code looks. It may even cause this sunk cost fallacy hoping that the code will work after just a few tweaks, especially when the updates involve multiple files in a complex/unknown codebase with connections to multiple independent services.
It’s like working with a 10-year-old genius who has memorized extensive knowledge and even takes every user’s intent into account, but chooses showing off that knowledge over solving the real problem and lacks the foresight required to succeed in real-world use cases.
This “babysitting” requirement, combined with the frustrating repetition of hallucinations, implies that time spent debugging AI-generated code can dwarf the time savings expected from using the agent. Needless to say, developers in large enterprises must very consciously and strategically navigate modern agent tools and use cases.
Application
There is little doubt that AI coding agents have proven to be nothing short of revolutionary, accelerating prototyping, automating standard coding, and changing the way developers build. The real challenge today is not generating code, it’s knowing what to ship, secure it, and where to scale it. Smart teams learn to filter out the noise, use agents strategically, and double down on engineer rankings.
As CEO of GitHub Recently noticed by Thomas Dohmke: The most advanced developers have “moved from writing code to designing and verifying implementation efforts led by AI agents.” In the agentic era, success does not belong to those that can tell code, but to those that can construct lasting systems.
Rahul Raja is a software engineer at LinkedIn.
Advitya Gemawat is a machine learning (ML) engineer at Microsoft.
Editor’s note: The opinions expressed in this text are the personal opinions of the authors and do not reflect the opinions of their employers.