I helped introduce a bug into our codebase.
Not the developer. Me — the reviewer.
Here's what happened:
A developer had written a function wrapped in a TransactionScope — a deliberate row-level lock. During my review, I copied part of the function, asked GitHub Copilot Chat to optimise it, and got back a clean suggestion: add AsNoTracking().
I recognised it immediately. It looked right. I posted it as a review comment.
The developer trusted me. They made the change. It passed CI.
In QA, under concurrent load — race condition.
Copilot wasn't wrong. It optimised exactly what it could see.
The problem? It couldn't see the TransactionScope. It couldn't see the row lock. It couldn't see what would happen under concurrent requests.
It was right about the fragment. It was blind to the system.
This is the failure mode nobody talks about:
👉 Not developers blindly accepting AI suggestions.
👉 Reviewers confidently spreading them.
The future of development is AI-Assisted — not AI-Unsupervised.
That one word is the difference between a good review and a race condition in QA.
I wrote up the full post-mortem — what broke, why every layer missed it, and the four concrete things we changed.
🔗 Originally published on Medium
Top comments (0)