AI Code Review: What It Catches, What It Misses, and What Only You Can Find

Understanding what AI catches and misses requires clear context about the workflow environment it operates inside. Here is the practical progression of my tooling stack over the past 6 months, and the structural friction that forced each evolution.

Codeium was my initial entry point. It remains excellent for fast inline autocomplete—highly context-aware for the specific file you are modifying. However, as my development tasks scaled in architectural complexity, I hit a hard ceiling. I was no longer writing isolated utility functions; I was building full ERP modules with cross-file dependencies, custom hooks, and shared global state. Codeium's inline autocomplete had no answer for holistic system questions.

ChatGPT briefly stepped in to fill that gap. I would paste standalone blocks of logic and ask for optimizations. While it generated clean, well-commented code, it introduced a modern frustration: snippet output. ChatGPT tells you *what* to write, but not *where* to put it. When managing large codebases, manually stitching disparate code snippets together introduces high friction and human context-switching errors.

Cursor changed the paradigm by operating over entire files and broad project contexts. Asking it to implement a feature meant it directly edited the target file rather than dumping a raw text block. Yet, as utilization intensified across dense ERP architectures, pricing scales and token caps on heavy multi-file logic passes created real project friction.

Google Gemini Code Assist is my primary environment for daily active development. I run it through a third-party IDE wrapper that allows larger context windows than the default plugin setup—if you have used Gemini Code Assist beyond VS Code's standard plugin, you will recognize the workflow. The transition was driven by an optimal price-to-token ratio, providing seamless access to massive context allowances. For initial logic architecture and deep logic audits, I still consult Claude directly.

OpenAI Codex App serves as my dedicated command center for repository-wide verification passes. Running as an isolated native desktop platform, it allows me to deploy parallel coding agents inside independent sandboxed worktrees. This lets me run intensive multi-file audits, check deep dependency trees, and execute verification scripts right before creating a pull request without disrupting my local development state.

After 6 months of daily deployment across complex production codebases, certain error categories are consistently flagged by AI tools before the code ever reaches human review.

Duplicate Functions and Redundant Logic This is AI's most reliable triumph in massive codebases. In ERP systems, where codebases expand over months and multiple hands touch shared modules, it is incredibly easy to accidentally rewrite an existing utility. My tools consistently catch this, flagging items like: *'This logic mirrors formatCurrency inside utils/formatters.ts.'* This saves valuable engineering time and prevents subtle behavioral divergence across duplicate files.

Calculation Errors in Self-Contained Utilities When scoped to a self-contained function, AI is highly proficient at catching off-by-one errors, incorrect operator precedence, and faulty unit conversions. In enterprise ERP systems, calculation flaws in landed cost formulas or tax computation modules destroy client trust instantly. AI has successfully caught these—provided the calculation doesn't rely on external, mutating states.

Direct React State Mutations In simpler components, AI reliably detects anti-patterns like pushing directly to an array or mutating nested objects without proper spreading. While runtime tools like React's Strict Mode catch many of these during testing, AI eliminates them before the app is even compiled.

One of the most valuable operational lessons I have learned over the past 6 months involves a concept I rarely see discussed honestly: context complexity vs. context length.

While building a Material Requirements Planning (MRP) allocation table—a highly dense ERP module where allocation quantities, supply constraints, and fulfillment priorities dynamically cascade across hundreds of rows—I originally fed the entire prompt and system specification into the AI in a single pass.

Every tool failed. They didn't provide slightly sub-optimal code; they returned confidently flawed logic that *looked* correct superficially but completely violated structural constraints upon rigorous execution tracing. The models repeatedly broke dependencies, misallocated cascading quantities, and introduced state updates that would cause silent failures under specific edge-case inputs.

I then shifted strategies and chunked the task into highly localized modules: 1. One prompt exclusively handling the core math of allocation logic. 2. One prompt defining data-validation constraints. 3. One prompt establishing the immutable React state update pattern. 4. A final prompt directing the AI to audit the individual modules against one another.

The result? Every single component came back clean, and the final assembled system executed perfectly in production.

This is the core mental model for modern development: AI is a precision instrument, not a general-purpose architect. Give it an isolated, micro-scoped problem with explicit boundaries, and it performs flawlessly. Give it a broad system-design task disguised as a coding prompt, and it hallucinates. If a feature description takes longer than a 2-minute verbal explanation to a senior developer, it must be chunked before it touches an LLM.

To extract true value from AI tools, you must understand exactly where they fail. Here are the clear runtime issues that AI completely missed in my production environments.

Asynchronous Race Conditions in Stateful Tables This caused my most significant production bug over the last 6 months. Our batch item table allows rapid, concurrent user mutations that trigger cascading calculations. A complex race condition developed where rapid clicks caused overlapping asynchronous state updates to override each other.

Despite running the component through multiple AI passes, not a single tool flagged the issue. Because AI conducts static code analysis, it struggles to project execution timing and component lifecycle shifts across erratic user interactions. I had to manually trace the execution frames to resolve it. The AI was stellar at helping me refactor the fix, but entirely blind during the discovery phase.

Web Worker Memory Management I implemented a Web Worker system to handle intensive client-side calculations. Suspicious of potential memory leak vectors due to rapid, event-driven worker spawning, I tasked my AI stack with auditing the cleanup patterns. Every tool gave the code a clean, confident pass.

My manual profiling proved otherwise. The architecture was failing to reliably terminate workers under specific edge-case exceptions, leaving ghost processes active. The AI verified that the cleanup code looked structurally valid, but it could not verify whether that cleanup was executed reliably across every runtime execution path.

Custom Component Layout and Cascading CSS Bugs While building a proprietary, non-library data grid to meet strict UX demands, I ran into severe visual bugs—padding misalignments in fixed sidebars and layout collapsing under unexpected data payloads.

AI proved almost entirely useless here. I provided the code, explicitly described the layout breakage, and the tools repeatedly claimed to have fixed the issue. The rendered output remained broken. Without a native visual and stylistic feedback loop, AI is merely guessing at CSS cascade overrides and layout constraints.

The greatest danger with AI integration isn't incorrect syntax—it is how flawlessly the AI communicates its wrong answers.

Industry data from Qodo's 2026 analysis of production codebases suggests that even advanced AI review tools detect roughly half of real-world runtime bugs on average—meaning a clean AI pass still leaves a significant portion of actual bugs undetected. This figure aligns directly with my production experience: the bugs AI missed were not minor edge cases. They were race conditions and memory management failures that required hours of manual profiling to find.

Modern developer tools are increasingly capable of noting minor gaps, but they still drastically over-index on giving a clean bill of health. When evaluating my Web Worker implementation, not a single tool stated: *'This syntax is valid, but resource management in event-driven workers cannot be verified without local profiling.'* Instead, they delivered an absolute, green-lit clearance.

This behavior becomes dangerous when tight deadlines tempt engineers to use AI clearance as a substitute for testing. Believing *'the AI said it looks good'* before a critical git commit is an easy trap to fall into.

The defensive engineering mindset you must maintain:

> AI is highly reliable at telling you your code is probably wrong (a high-signal bug flag). It is fundamentally unreliable at telling you your code is definitely right (a weak-evidence clean pass).

Treat an AI bug flag as a high-priority signal to act on immediately. Treat an AI clean pass as a statement that still requires human validation—not a guarantee.

These observations are pulled from real-world, daily production workflows—highlighting how different tools excel at distinct operational stages.

Cursor (with Claude Sonnet) My absolute go-to for refactoring established, functioning blocks of code. When I manually mapped out the batch table race condition, Cursor executed the heavy lifting of restructuring the state trees flawlessly. Its full-file editing model integrates code seamlessly, understanding the surrounding context far better than standard standalone chat interfaces.

Google Gemini Code Assist My primary code-generation engine. The massive token context and cost-efficient structure make it incredibly powerful for writing out large, chunked functions and exploring multi-file structural drafts without encountering constant token ceiling limitations. I run it with an extended context configuration beyond the standard VS Code plugin defaults, which significantly improves its coherence on large ERP files.

Claude (Direct Chat Interface) I use Claude directly for high-level logic design and architectural auditing. Claude remains the most reliable model for identifying structural edge cases and is noticeably more willing than its competitors to flag potential logical flaws with caveats rather than giving blind passes.

OpenAI Codex App (Desktop Agent Platform) My preferred platform for deep repository-wide automated audits. Running parallel agent threads within isolated local sandboxes means it can automatically explore the codebase, check dependencies, and safely dry-run test sequences across independent worktrees without corrupting my active local environment. It functions as an automated junior engineer handling pre-PR validation checks.

To maintain velocity without introducing production regression, use this operational framework. These categories are drawn directly from 6 months of production sprints—not theoretical scenarios.

Trust AI for first-pass review on narrow, well-defined tasks where the input and output are clear and self-contained. AI performs reliably when it doesn't need to reason about runtime state, user interaction sequences, or external system behavior. It will catch the obvious issues, flag known anti-patterns, and clean up redundant logic quickly.

Verify manually on anything involving time, sequence, visual rendering, or domain-specific business logic. These are dimensions that static analysis cannot model. Your browser's performance profiler and DevTools are irreplaceable here—no AI tool substitutes for watching your component's actual execution in real time.

Chunk before sending whenever the task exceeds a clean 2-minute verbal explanation. If you cannot state the full scope, inputs, outputs, and constraints in a short spoken summary, the task is too large for a single AI prompt. Break it down first, then engage AI on each isolated piece.