How AI is Shrinking the SDLC: in greenfield, brownfield, regulated industries

Marat Kee — Wed, 01 Apr 2026 11:07:50 +0000

How AI is Shrinking the SDLC

I work with experimental AI-first teams, exploring how agentic engineering impacts Lead Time. Here's what I'm seeing.

And unlike some people say, I think that SDLC is not killed by agents. I think it compresses into something more lightweight.

One person with AI can generate what used to require a team. The bottleneck shifts from writing code to validating it.

But this isn't uniform across all contexts. Greenfield, brownfield, and regulated environments each compress differently.

Scenario 1: Greenfield / MVP / Internal Tools

Context: New project, no users, low error cost, speed is critical.

What changes:

Tiered Code Review: security-critical code (auth, crypto) — 100% human review; everything else — automated checks + spot-check
Observability as primary safety net (canary releases, auto-rollback)
Iterations are now significantly faster, to the point where customer gets updates during the demo

Important: even in greenfield, AI code contains 1.7x more issues. Skipping review entirely is risky.

How to ensure we didn't make it worse:

Lead Time ≤ 1 day
Deployment Frequency > 1/day
Change Failure Rate within DORA "Good" threshold (0-15%)

Scenario 2: Brownfield / Existing Product

Context: Real users, established reputation, existing technical debt. Errors cost money.

What changes:

We need a tiered approach by risk:

Code Type	Human Review	Examples
Security-critical	100% senior review	Auth, payments, PII, crypto
Business logic	30-40% peer review	Features, API, data flows
Utility	Spot-check + automated	Tests, docs, configs

Found interesting stats: Per LinearB 2026 Benchmarks, AI PRs merge at 32.7% vs 84.5% for human code — most require rework. Per my experience, we accept only 18% of 100% ai written PRs.

How to ensure we didn't make it worse:

Code Review Time doesn't grow (despite more PRs)
Defect Rate stable or declining
SLA/SLO maintained

Scenario 3: Regulated Industries (Fintech, Healthcare, Insurance)

Context: Compliance requires human accountability. Audit trail is mandatory.

What changes:

100% audit trail for all AI-generated code: who requested, what was generated, who approved
AI accelerates stages, but humans make decisions — this is a regulatory requirement (FDA, PCI-DSS, HIPAA)
Stages can merge, but the artefacts are still reqiured for audit

How to ensure we didn't make it worse:

Change Failure Rate doesn't increase
Compliance review time gradually decreases
Audit trail complete and verifiable

The Bottom Line

There's no universal "new SDLC" with only agents and zero humans. Reality is a spectrum depending on project context.

Besides the context, team and its culture dramatically influence whether AI makes it better or worse. It accelerates good practices and bad practices equally. Get your quality gate together and embrace the result.

DEV Community: Marat Kee

How AI is Shrinking the SDLC: in greenfield, brownfield, regulated industries

How AI is Shrinking the SDLC

Scenario 1: Greenfield / MVP / Internal Tools

Scenario 2: Brownfield / Existing Product

Scenario 3: Regulated Industries (Fintech, Healthcare, Insurance)

The Bottom Line