DEV Community

Marat Kee

How AI is Shrinking the SDLC: in greenfield, brownfield, regulated industries

How AI is Shrinking the SDLC

I work with experimental AI-first teams, exploring how agentic engineering impacts Lead Time. Here's what I'm seeing.

And contrary to what some people say, I think the SDLC is not killed by agents. I think it compresses into something more lightweight.

One person with AI can generate what used to require a team. The bottleneck shifts from writing code to validating it.

But this isn't uniform across all contexts. Greenfield, brownfield, and regulated environments each compress differently.


Scenario 1: Greenfield / MVP / Internal Tools

Context: New project, no users, low error cost, speed is critical.

What changes:

  • Tiered Code Review: security-critical code (auth, crypto) — 100% human review; everything else — automated checks + spot-check
  • Observability as primary safety net (canary releases, auto-rollback)
  • Iterations are now significantly faster, to the point where the customer gets updates during the demo

How SDLC looks for Greenfield Project

Important: even in greenfield, AI code contains 1.7x more issues. Skipping review entirely is risky.

How to ensure we didn't make it worse:

  • Lead Time ≤ 1 day
  • Deployment Frequency > 1/day
  • Change Failure Rate within DORA "Good" threshold (0-15%)

Scenario 2: Brownfield / Existing Product

Context: Real users, established reputation, existing technical debt. Errors cost money.

What changes:

We need a tiered approach by risk:

Code Type         | Human Review           | Examples
Security-critical | 100% senior review     | Auth, payments, PII, crypto
Business logic    | 30-40% peer review     | Features, API, data flows
Utility           | Spot-check + automated | Tests, docs, configs
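
The risk tiers above, sketched as a CI gate in Python that routes a PR by the files it touches. This is an added example, not code from the article; the path globs, the function names, and the reading of "30-40%" as a per-PR sampling rate are assumptions.

```python
import fnmatch
import hashlib

# Glob patterns are assumptions for illustration; the article names only the
# categories (auth, payments, PII, crypto / tests, docs, configs).
SECURITY = ["*/auth/*", "*/payments/*", "*/pii/*", "*/crypto/*"]
UTILITY = ["*/tests/*", "*/docs/*", "*.md", "*.yml", "*.yaml", "*.toml"]
RANK = {"utility": 0, "business-logic": 1, "security-critical": 2}
PEER_REVIEW_RATE = 0.35  # assumed midpoint of the 30-40% band


def _matches(path, patterns):
    # Leading "/" lets "*/auth/*" match top-level "auth/..." too; lowercasing
    # plus fnmatchcase keeps the result identical on every OS.
    norm = "/" + path.replace("\\", "/").lstrip("/").lower()
    return any(fnmatch.fnmatchcase(norm, p) for p in patterns)


def classify(path):
    """Tier for one changed file; the strictest matching tier wins."""
    if _matches(path, SECURITY):   # checked first: tests/auth/* is still auth
        return "security-critical"
    if _matches(path, UTILITY):
        return "utility"
    return "business-logic"        # unmatched paths never drop to the lowest tier


def sampled(pr_id, rate):
    """Deterministic draw keyed on the PR id, so re-running CI cannot re-roll it."""
    draw = int.from_bytes(hashlib.sha256(pr_id.encode()).digest()[:8], "big")
    return draw < int(rate * 2**64)


def required_review(pr_id, changed_files, rate=PEER_REVIEW_RATE):
    """Review gate for a whole PR: the strictest tier among its files decides."""
    if not changed_files:
        return "senior-review"     # fail closed when the diff cannot be read
    tier = max((classify(f) for f in changed_files), key=RANK.get)
    if tier == "security-critical":
        return "senior-review"
    if tier == "business-logic":
        return "peer-review" if sampled(pr_id, rate) else "automated-checks"
    return "automated-checks+spot-check"
```

One security-critical file anywhere in the diff promotes the whole PR to senior review, so bundling a sensitive change into a large utility PR does not lower the gate.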

Found interesting stats: per LinearB 2026 Benchmarks, AI PRs merge at 32.7% vs 84.5% for human code — most require rework. In my experience, we accept only 18% of 100% AI-written PRs.

AI-native SDLC for Brownfield Project

How to ensure we didn't make it worse:

  • Code Review Time doesn't grow (despite more PRs)
  • Defect Rate stable or declining
  • SLA/SLO maintained

Scenario 3: Regulated Industries (Fintech, Healthcare, Insurance)

Context: Compliance requires human accountability. Audit trail is mandatory.

What changes:

  • 100% audit trail for all AI-generated code: who requested, what was generated, who approved
  • AI accelerates stages, but humans make decisions — this is a regulatory requirement (FDA, PCI-DSS, HIPAA)
  • Stages can merge, but the artefacts are still required for audit

SDLC with AI for regulated projects

How to ensure we didn't make it worse:

  • Change Failure Rate doesn't increase
  • Compliance review time gradually decreases
  • Audit trail complete and verifiable

The Bottom Line

There's no universal "new SDLC" with only agents and zero humans. Reality is a spectrum depending on project context.

Besides the context, the team and its culture dramatically influence whether AI makes it better or worse. It accelerates good practices and bad practices equally. Get your quality gate together and embrace the result.
