Managing GenAI Coding Risk Like an Investment
Date Published: 05 June 2025
Generative AI tools have greatly improved in their ability to generate large amounts of code, quickly, to support software development tasks. They're fast, confident, and in some cases even creative. But they're also fallible, occasionally destructive, and always somewhat unpredictable.
If you've ever used GenAI to bang out a prototype in hours instead of days, you've seen the upside. If you've watched it delete critical files, misconfigure infrastructure, or hallucinate complex nonsense that passes code review but fails in production, you've felt the downside.
Like any powerful tool, the key to using GenAI well is managing the risk. And one helpful analogy here comes from the world of portfolio management. GenAI tools are high risk, high reward. It likely makes sense for your strategy to include some high risk bets, allowing your to make the most of the upside. But you need to be able to withstand the downside, or else put in place safeguards to mitigate the impact of the risks involved.
Software Portfolios, Not Financial Ones
Don't worry โ this isn't a finance lesson.
But the idea of a diversified portfolio maps nicely to how developers and teams can think about adopting GenAI tools.
You wouldn't put your entire life savings into a single volatile investment. Why put your most critical system directly in the hands of an unpredictable GenAI?
Instead, spread your usage based on risk, maturity, and time horizon.
Diversify GenAI Across Your Codebase
Different parts of your software system, or different projects or activities in your organization, carry different risk profiles. Here's how you might think about using GenAI tools accordingly:
๐งช Prototypes and Experiments
These are typically High potential, low consequence.
- Use GenAI aggressively. Let it generate boilerplate, services, API calls, and more.
- If something goes wrong, you throw it out and start again.
- Perfect for "vibe coding."
Also Great for: Hackathons, R&D spikes, internal demos
Routine or Low-Stakes Code Activities
Typically this is "real code" but it's not the sexy or exciting parts. Moderate reward, low risk.
- Let GenAI take the wheel for CRUD endpoints, DTOs, unit tests, infrastructure scaffolding.
- Still review the code, but don't agonize over it.
- Ideally give it some initial templates to work from so it doesn't get too creative
Good for: API plumbing, UI skeletons, data access with few business rules
Core Business Logic
Typically this has the biggest risk due to potentially high consequences if broken. Use caution!
- Use GenAI as an assistant, not an architect.
- It can write test scaffolds, suggest refactorings, or generate docs, but humans must own the logic.
- Require code review, tests, and observability to mitigate risk
โ ๏ธ Use extra caution with: Billing, authorization, workflow engines, and other critical areas of the system
Consider Your Time Horizon
Another portfolio principle worth borrowing: investment duration matters.
If you're building something throwaway or short-lived, you can afford more risk. If you're building something meant to last years โ with multiple contributors and production impact โ you may want to be more conservative.
Time Horizon | GenAI Use |
---|---|
Hours to Days | Use freely โ speed is more valuable than perfection |
Weeks to Months | Validate thoroughly โ test and review before merging |
Years | Use selectively โ treat GenAI like an intern with root access |
Safe-to-Fail, Not Fail-Safe
No GenAI tool today is truly fail-safe. But your systems can be safe-to-fail by design:
- Keep GenAI-generated changes in feature branches
- Review diffs carefully โ trust the actual code, not the AI's summary of what it did
- Add test coverage and logging for sensitive areas - don't just trust the AI's tests!
- Consider tracing AI-generated code with commit metadata
- Protect critical systems with guardrails like CI/CD, linters, and security scanners
Help Out Future You
Just like in investing, you're not just building for today โ you're building for future you.
If GenAI helps you ship faster today but leaves a tangled mess of unclear logic, fragile hacks, and undocumented behaviors, you're trading short-term gain for long-term pain. Remember, "GenAI is the new offshoring". Many companies jumped on the offshoring bandwagon to find cheap labor for their dev needs only to find the results ended up being tangled messes they were then saddled with for decades.
Instead, use GenAI as an accelerant, not a replacement for discipline. Keep your fundamentals strong: modular design, unit tests, clear naming, consistent styles, and documentation.
Summary
Think of GenAI coding like a software portfolio. Use it where the upside is high and the risk is low. Diversify across your codebase. Be extra cautious with core systems. And remember: fast code isn't free if you have to spend massive resources to maintain it over the longer term.
Category - Browse all categories

About Ardalis
Software Architect
Steve is an experienced software architect and trainer, focusing on code quality and Domain-Driven Design with .NET.