The agentic SDLC
In an agentic software lifecycle, AI agents do not just autocomplete - they plan, build, test, and hand off finished work across the whole lifecycle. The developer's job moves from writing code to setting intent and verifying results. That single shift moves the bottleneck from coding speed to verification.
What changes
tl;drThe agentic SDLC is a delivery practice where AI agents participate meaningfully across the full lifecycle: planning, coding, testing, reviewing, deploying, and operating. The defining trait is autonomy - agents pursue a goal across many steps without a human directing each one. Humans establish intent, agents execute the workflow, and humans review the result. Velocity stops being the hard part; confidence in what was produced becomes the constraint.
Three operating models
interactiveAgentic is not the same as AI-assisted. The difference is who owns execution. Flip between the three models to see where the work sits and where the bottleneck lands.
Developers set intent; agents pursue the goal across many steps without a human directing each one; developers review the result. The work moves from doing to verifying.
AI-assisted means the developer is still the executor - the AI just helps faster. Agentic means the AI owns the loop end to end and returns a completed artifact. The work that remains for the human is verification, not authoring.
Four required capabilities
exploreAn effective agentic SDLC needs all four of these at once - any one missing and autonomy turns into risk. Pick a capability to see what it is, why it matters, and what breaks without it.
Context
Access to the whole operating picture - code, tickets, docs, monitoring, cloud - not a single repository.
An agent reasoning from one file makes locally sensible changes that miss system-wide intent.
Changes are technically valid but ignore the constraints living in the rest of the org.
The agentic lifecycle
interactiveThe same five phases as ever - but agent autonomy is highest in development and testing, while human involvement climbs back up at review. Walk the phases to watch the bottleneck slide toward verification.
Review
verification load · highGenerates code faster than teams can verify it; automated review must run at generation speed.
Reconstructs intent across multi-file, multi-iteration changes - harder than reviewing human code.
Agents generate code faster than teams can verify it, and reconstructing intent across multi-file, multi-iteration changes is harder than reviewing human code. Velocity rises everywhere upstream; the pressure all lands on review.
The verification gap
interactiveThe gap is measurable. Analyzing 470 open-source PRs, agentic code carries more issues than human-only code on every axis. Pick a metric to compare human-only against AI-co-authored output.
AI-co-authored PRs carry roughly 68% more issues than human-only PRs.
The gap shows up as four recurring problems that surface-level tooling does not catch:
Behavioral drift
Individual changes are sensible at each step but collectively introduce subtle behavioural changes.
Standards inconsistency
Different agents apply different interpretations of what good code quality means.
Security opacity
Vulnerabilities in agentic output aren't visible through standard linting or static analysis.
Governance gaps
Engineering leaders have no reliable way to understand what agents shipped.
What review must do at agentic speed
principlesLinters and static analysis handle surface-level issues - and that is no longer enough. Review at agentic speed has to do four things that generic tooling cannot.
Codebase context
Evaluate changes against the actual patterns and standards of that specific codebase, not generic best practices.
Consistent standards
Apply the same bar regardless of origin - senior engineer, junior, or agent.
Generation-speed throughput
Run at the speed of generation, not the speed of human attention.
Actionable specificity
Explain each finding with enough detail to be useful, not just flag it.
Who does what
interactiveThe work splits into three lanes. Click a task to see where it belongs and why - the matching lane lights up.
Agents handle
- Multi-file changes
- Test loops
- Refactors
- Scaffolding
Verification at agentic speed
- Codebase-context checks
- Standards enforcement
- Security & style checks
- Volume management
Humans handle
- Architecture
- Design trade-offs
- System-level decisions
Workflows already in production
referenceThese are not hypothetical - they are agentic workflows running today, each one a goal pursued across many steps with a human verifying the result.
Debugging
Receives a failing test, traces execution, hypothesizes causes, iterates fixes.
Refactoring
Analyzes architectural problems and proposes restructuring across multiple files.
Security scanning
Searches for vulnerabilities and reports them with actionable context.
Feature development
Completes the full cycle from ticket to pull request.
Incident response
Root-causes production alerts and proposes fixes in the Slack thread.
Documentation
Auto-updates docs from merged pull requests.
Putting it to work
takeawaysFour principles that fall out of ownership, the lifecycle, and the verification gap.
Scope intent precisely
Agents excel where intent is expressed precisely. A vague ticket produces a vague PR regardless of how capable the agent is.
Elevate planning
The cost of unclear intent rises when an agent iterates fifteen times before a human ever looks. Plan more, not less.
Make review the active layer
Automated review runs at generation speed; reserve human review for the decisions that need domain judgement.
Define standards once
One set of guidelines applied in the agent config, the review layer, and CI - so nothing is enforced in only one place.