Managing GenAI Coding Risk Like an Investment

Date Published: 05 June 2025


Generative AI tools have greatly improved in their ability to generate large amounts of code, quickly, to support software development tasks. They're fast, confident, and in some cases even creative. But they're also fallible, occasionally destructive, and always somewhat unpredictable.

If you've ever used GenAI to bang out a prototype in hours instead of days, you've seen the upside. If you've watched it delete critical files, misconfigure infrastructure, or hallucinate complex nonsense that passes code review but fails in production, you've felt the downside.

Like any powerful tool, the key to using GenAI well is managing the risk. And one helpful analogy here comes from the world of portfolio management. GenAI tools are high risk, high reward. It likely makes sense for your strategy to include some high-risk bets, allowing you to make the most of the upside. But you need to be able to withstand the downside, or else put in place safeguards to mitigate the impact of the risks involved.

Software Portfolios, Not Financial Ones

Don't worry — this isn't a finance lesson.

But the idea of a diversified portfolio maps nicely to how developers and teams can think about adopting GenAI tools.

You wouldn't put your entire life savings into a single volatile investment. Why put your most critical system directly in the hands of an unpredictable GenAI?

Instead, spread your usage based on risk, maturity, and time horizon.

Diversify GenAI Across Your Codebase

Different parts of your software system, or different projects or activities in your organization, carry different risk profiles. Here's how you might think about using GenAI tools accordingly:

🧪 Prototypes and Experiments

These are typically high potential, low consequence.

  • Use GenAI aggressively. Let it generate boilerplate, services, API calls, and more.
  • If something goes wrong, you throw it out and start again.
  • Perfect for "vibe coding."

Also Great for: Hackathons, R&D spikes, internal demos

Routine or Low-Stakes Code Activities

Typically this is "real code" but it's not the sexy or exciting parts. Moderate reward, low risk.

  • Let GenAI take the wheel for CRUD endpoints, DTOs, unit tests, infrastructure scaffolding.
  • Still review the code, but don't agonize over it.
  • Ideally give it some initial templates to work from so it doesn't get too creative.

Good for: API plumbing, UI skeletons, data access with few business rules

Core Business Logic

Typically this has the biggest risk due to potentially high consequences if broken. Use caution!

  • Use GenAI as an assistant, not an architect.
  • It can write test scaffolds, suggest refactorings, or generate docs, but humans must own the logic.
  • Require code review, tests, and observability to mitigate risk.

โš ๏ธ Use extra caution with: Billing, authorization, workflow engines, and other critical areas of the system

Consider Your Time Horizon

Another portfolio principle worth borrowing: investment duration matters.

If you're building something throwaway or short-lived, you can afford more risk. If you're building something meant to last years — with multiple contributors and production impact — you may want to be more conservative.

Time Horizon       GenAI Use
Hours to Days      Use freely — speed is more valuable than perfection
Weeks to Months    Validate thoroughly — test and review before merging
Years              Use selectively — treat GenAI like an intern with root access

Safe-to-Fail, Not Fail-Safe

No GenAI tool today is truly fail-safe. But your systems can be safe-to-fail by design:

  • Keep GenAI-generated changes in feature branches
  • Review diffs carefully — trust the actual code, not the AI's summary of what it did
  • Add test coverage and logging for sensitive areas - don't just trust the AI's tests!
  • Consider tracing AI-generated code with commit metadata
  • Protect critical systems with guardrails like CI/CD, linters, and security scanners
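One way to put the commit-metadata and guardrail points above into practice, as an added example that is not part of the original post: a POSIX shell check a CI job can run over the commits in a pull request, letting AI-generated changes merge freely in low-stakes code but blocking them in high-consequence areas until a named human reviewer has signed off. The trailer names, the protected paths and the Reviewed-By convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the post's own tooling. Commits are marked at creation time
# with an assumed trailer, e.g.:  git commit --trailer "Generated-By: GenAI"
AI_TRAILER="Generated-By: GenAI"   # assumed trailer marking AI-assisted commits
REVIEW_TRAILER="Reviewed-By:"      # assumed trailer a human adds after review
# Assumed high-consequence areas (billing, authorization, workflow engines).
PROTECTED_PATHS="src/Billing/ src/Authorization/ src/Workflow/"

# check_commit MESSAGE FILES
#   MESSAGE: full commit message; FILES: newline-separated changed paths.
#   Returns 0 when the commit may merge, 1 when it still needs a human reviewer.
check_commit() {
    message=$1
    files=$2
    # Commits without the AI trailer follow the normal review process.
    case "$message" in
        *"$AI_TRAILER"*) ;;
        *) return 0 ;;
    esac
    # AI-generated commits are acceptable in low-stakes code ...
    touched_protected=0
    for p in $PROTECTED_PATHS; do
        if printf '%s\n' "$files" | grep -q "^$p"; then
            touched_protected=1
        fi
    done
    if [ "$touched_protected" -eq 0 ]; then
        return 0
    fi
    # ... but in protected areas a named human must have signed off.
    case "$message" in
        *"$REVIEW_TRAILER"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical CI usage over the commits in a pull request (commented out so the
# script runs without a repository; enable it in a real pipeline):
# for sha in $(git rev-list origin/main..HEAD); do
#     check_commit "$(git log -1 --format=%B "$sha")" \
#                  "$(git diff-tree --no-commit-id --name-only -r "$sha")" \
#         || { echo "commit $sha: AI-generated change in a protected path needs a human reviewer"; exit 1; }
# done
```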

Help Out Future You

Just like in investing, you're not just building for today — you're building for future you.

If GenAI helps you ship faster today but leaves a tangled mess of unclear logic, fragile hacks, and undocumented behaviors, you're trading short-term gain for long-term pain. Remember, "GenAI is the new offshoring". Many companies jumped on the offshoring bandwagon to find cheap labor for their dev needs only to find the results ended up being tangled messes they were then saddled with for decades.

Instead, use GenAI as an accelerant, not a replacement for discipline. Keep your fundamentals strong: modular design, unit tests, clear naming, consistent styles, and documentation.

Summary

Think of GenAI coding like a software portfolio. Use it where the upside is high and the risk is low. Diversify across your codebase. Be extra cautious with core systems. And remember: fast code isn't free if you have to spend massive resources to maintain it over the longer term.

Steve Smith

About Ardalis

Software Architect

Steve is an experienced software architect and trainer, focusing on code quality and Domain-Driven Design with .NET.