Title

Linus Torvalds Slams AI Bug Reports as ‘Almost Useless’—Shattering the Illusion of ‘AI Code = Free’ at the Cost of Real-World Implications

Body

AI-generated code is not ‘free.’ In fact, it may end up being quite costly.

Linux creator Linus Torvalds has decisively labeled AI-generated bug reports as ‘almost useless.’ The reason is simple: while AI produces reports that sound plausible, they often fail to capture the essence of the actual problem. Developers must decipher these reports, verify whether they represent real bugs, and discard them if they are off the mark. This process consumes time. In other words, AI is ‘increasing the workload.’

This issue arises in the context of the top-tier Linux kernel project, but the same structural problems occur when local small and medium-sized enterprises (SMEs) adopt AI coding. In fact, the damage may be even greater in SMEs, where review systems are often weaker.

Facing the ‘Hidden Costs’ of AI Coding

AI coding tools, such as GitHub Copilot, have exploded in popularity. For a monthly fee of $19 (about 2,900 yen), they ‘automatically generate code.’ At first glance, this seems like an incredible deal. Considering the labor costs of engineers, the cost-saving effect appears substantial.

However, there is a pitfall here.

No one has calculated how much it costs to ‘clean up’ the code generated by AI.

According to a survey released by GitClear in 2024, the ‘churn rate’ of code (the rate at which code is rewritten shortly after being written) has doubled since the introduction of AI coding tools. This means that much of the code written by AI is ultimately rewritten by humans. The initial writing may be quick, but the time required to verify whether that code will function in production, make corrections, and conduct tests does not disappear; rather, it increases.

A study from Stanford University (2023) also found that developers using AI coding tools were more likely to write code containing security vulnerabilities compared to those who did not use them. Moreover, developers assisted by AI were more confident that their code was safe. This is the most concerning aspect.

Let’s consider this in the context of SMEs. Suppose a company decides to in-house the development of a small internal tool that was previously outsourced. If the traditional outsourcing cost was 500,000 yen, the internal staff could create it using AI in just one week. The cost would be 100,000 yen in labor plus 3,000 yen for the tool. They might celebrate having ‘saved 400,000 yen.’

But what if there are bugs in that code? What if there are security holes? Who will review it? SMEs typically do not have dedicated code reviewers. If a bug is discovered in the production environment, halting operations and taking three days to recover—what would that loss amount to?

They only see the ‘generation cost’ and ignore the ‘quality cost.’ This is the biggest trap.

Do Quality Gates Function as a ‘Breakwater’?

As one potential solution to this problem, tools that automatically assess the quality of AI-generated code have emerged.

For example, there are ‘quality gates’ that detect whether code is AI-generated and check if it meets quality standards. When integrated into a CI pipeline (a system for automatically testing and deploying code), it can prevent code that does not meet standards from being deployed to production.

This is a positive direction. However, let’s think calmly about it.

To implement quality gate tools, a CI/CD pipeline must first be established. Test code must be written. Quality standards must be defined. —How many SMEs have all of this in place?

Large companies have dedicated DevOps teams. They have documentation for quality standards. But in a company with 30 employees, where there may or may not be an IT systems manager, the introduction of a quality gate itself becomes a project.

In other words, the existence of tools is good news, but whether SMEs can use them as they are is another question.

So, does this mean SMEs should not use AI coding?

No, it’s a matter of how to use it.

If you read Torvalds’ criticism closely, he does not say ‘AI is unusable.’ He says, ‘Do not trust AI outputs blindly.’ The problem arises when AI-generated bug reports are passed to the development team without verification. Accidents occur when AI-written code is deployed to production without review.

There are three key points for SMEs to achieve results with AI coding.

1. Use it as a ‘Draft’ rather than ‘Final Product’

AI-generated code is not a ‘finished product’ but a ‘draft.’ It must be read, understood, and modified by humans before it can be used. Just sharing this premise can significantly reduce the likelihood of accidents.

As a company rule, ‘AI-generated code must be reviewed by at least one person before merging’—that’s all it takes. No expensive tools are needed. GitHub’s pull request feature (which is free) is sufficient.

2. Narrow Down ‘What to Use It For’

AI coding excels in routine tasks. Reading CSVs, calling APIs, validating forms—these are areas where AI shines, and bugs are easier to identify.

Conversely, it is risky to have AI write the core parts of business logic—such as ‘apply discounts only under this condition’ or ‘prioritize this inventory for this customer’—which are unique rules to the company. AI does not understand the ‘meaning’ of those rules.

Routine tasks for AI, business logic for humans. Just drawing this line can significantly reduce quality costs.

3. Make ‘Cost Calculation’ a Habit

When developing with AI, I encourage you to adopt the habit of recording the following numbers:

• Time spent on AI generation
• Time spent on review and modification
• Time spent on bug fixes after production deployment

The sum of these three represents the ‘true development cost.’

For instance, if it took one hour for AI to generate code, three hours for review and modification, and two hours for bug fixes, the total would be six hours. If the engineer’s hourly wage is 3,000 yen, that amounts to 18,000 yen. It is entirely possible that the same code could have been written by a human from the start in five hours for 15,000 yen.

Conversely, in cases of routine tasks, something that could take 30 minutes for AI generation plus 30 minutes for review might take three hours for a human to write. This could turn 9,000 yen into 3,000 yen. If you can visualize this difference, you can make data-driven decisions about ‘where to use AI.’

What Torvalds’ Warning Teaches SMEs

Linus Torvalds has led one of the most successful open-source projects in the world for over 30 years. His warning to ‘not trust AI outputs blindly’ is significant.

This is not a rejection of AI. It is a reminder that ‘AI outputs always come with a cost. Do not ignore that cost.’

Large companies have systems in place to absorb those costs. They have reviewers. They have test automation. They have security teams. SMEs do not have these resources. Therefore, the judgment of ‘where to use it’ and ‘how to use it’ is required to be even more critical than in large companies.

On the flip side, SMEs that can make these judgments correctly can reap the benefits of AI in the most cost-effective manner. There is no need for full-scale implementation like in large corporations. Find the points in your business where ‘AI is overwhelmingly faster’ and focus your efforts there. Being small allows for quicker decision-making. Experiment, measure, and stop if it doesn’t work. This cycle is a privilege of SMEs.

AI coding is not a ‘magic wand.’ It is a ‘tool that can become costly if used incorrectly.’

First, I encourage you to try AI for just one aspect of your development process. Then, record all the time spent. Those numbers will reveal the ‘true price’ of AI for your company.