When Not to Use AI

Patterns beginner 8 min

Sources verified Dec 23

A decision framework for identifying when manual coding is safer, faster, or more appropriate than AI assistance.

AI coding tools are powerful, but they're not always the right choice. Knowing when NOT to use AI is as important as knowing how to use it well. This framework helps you make that judgment call.

The Non-Use Decision Tree

                    ┌─────────────────────────┐
                    │    Is this code...      │
                    └───────────┬─────────────┘
                                │
        ┌───────────────────────┼───────────────────────┐
        ▼                       ▼                       ▼
┌───────────────┐    ┌───────────────────┐    ┌─────────────────┐
│  Security-    │    │  Novel/Complex    │    │  Well-Defined   │
│  Critical?    │    │  Problem?         │    │  Pattern?       │
└───────┬───────┘    └─────────┬─────────┘    └────────┬────────┘
        │                      │                       │
        ▼                      ▼                       ▼
   ┌─────────┐           ┌──────────┐           ┌───────────┐
   │ YES:    │           │ YES:     │           │ YES:      │
   │ Manual  │           │ Manual   │           │ Use AI    │
   │ + Review│           │ First    │           │ + Review  │
   └─────────┘           └──────────┘           └───────────┘

Category 1: Security-Critical Code

Always write manually (or use AI with extreme scrutiny):

Context	Why AI Fails	What To Do
Authentication/Authorization	AI often uses insecure defaults	Manual + security review
Cryptographic operations	Subtle errors are catastrophic	Use audited libraries manually
Input validation	AI misses edge cases	Manual + fuzzing
Financial calculations	Precision errors compound	Manual + property-based tests
HIPAA/PCI/SOC2 compliance	AI doesn't understand legal context	Human ownership required

45% of AI-generated code contains security vulnerabilities (Veracode 2025). For security-critical code, the verification cost often exceeds the generation benefit.

Category 2: Novel or Complex Problems

AI struggles when:

• The problem requires deep understanding of your specific domain
• There's no clear pattern in training data
• The solution requires multi-step reasoning across files
• Business logic is subtle or exception-heavy

The Test: Can you explain the solution clearly in a prompt?

• If YES → AI can help
• If NO → You need to understand it first

Category 3: Learning & Skill Development

Don't use AI when:

• You're learning a new language/framework (build muscle memory first)
• The task builds foundational skills you need
• You're a junior developer who hasn't internalized patterns
• Interview prep (you need to do it yourself)

The Stanford Finding: Ages 22-25 in AI-exposed roles saw 13% relative decline in employment. AI can accelerate experts but may hinder skill development.

The Quick Decision Matrix

Scenario	AI Appropriate?	Why
Boilerplate CRUD endpoints	✅ Yes	Well-defined pattern
JWT authentication from scratch	❌ No	Security-critical
Regex for email validation	⚠️ Careful	Test thoroughly
Algorithm you've never implemented	❌ No	Learn it first
Migrating code between frameworks	✅ Yes	Pattern matching
Writing unit tests for your code	✅ Yes	Well-defined task
Debugging production issue	⚠️ Careful	AI lacks runtime context
SQL with user input	❌ No	Injection risk

The 'Would I Trust a Junior?' Test

If you wouldn't trust a junior developer to write this code unsupervised, don't trust AI unsupervised either. AI has similar failure modes: misses edge cases, uses outdated patterns, doesn't understand business context.

When AI Is the Wrong Tool (Even If It Could Help)

1. Time pressure with no review time — Fast AI output + no review = bugs shipped
2. Unfamiliar codebase — AI can't tell you if code matches existing patterns
3. Compliance documentation required — You need to prove human judgment
4. Team skill assessment — Using AI hides gaps that need addressing

The Managed Use Alternative

Complete non-use is often too extreme. Consider managed use instead:

Instead of...	Try...
Avoiding AI for security code	AI generates, then security-tuned AI reviews
Never using AI for auth	AI handles boilerplate, you handle logic
Manual-only for compliance	AI drafts, human documents decisions

The goal isn't AI avoidance—it's appropriate trust calibration.

Key Takeaways

• Security-critical code requires manual writing or extreme AI scrutiny
• Novel problems need human understanding before AI can help
• Learning scenarios often benefit from AI-free practice
• Use the 'Would I Trust a Junior?' test for AI appropriateness
• 45% AI code vulnerability rate means verification cost can exceed generation benefit
• Managed use (AI + review) often beats complete avoidance
• Time pressure without review time = don't use AI

In This Platform

This platform applies non-use judgment: we use build-time validation (no runtime AI), static compilation (no generation on request), and human-authored content (AI assists research but humans write). These choices optimize for reliability and source-backed claims.

Relevant Files:

• build.js
• CLAUDE.md

Related Concepts

Understanding AI LimitationsGuardrailsTDD for AI Agents

Prerequisites

Understanding AI Limitations

Sources

✓ Veracode: 45% of AI-generated code contains security vulnerabilities ⓘ

×

October 2025 Update: GenAI Code Security Report

Veracode

This is the primary source for our 45% security vulnerability claim. The October 2025 update confirms that AI code security issues persist even with newer models. The finding that 'bigger models ≠ more secure code' is important for our model_routing dimension - it suggests security scanning is needed regardless of which model is used. The 72% Java-specific rate mentioned in our citations may be from the full PDF report.

Key Findings:

• AI-generated code introduced risky security flaws in 45% of tests
• 100+ LLMs tested across Java, JavaScript, Python, and C#
• Larger, newer AI models didn't improve security

Credibility: high

View Source ↗

✓ Stanford Digital Economy Lab / Stanford HAI: Ages 22-25 in AI-exposed roles saw 13% relative employment decline ⓘ

×

Canaries in the Coal Mine? Six Facts about the Recent Employment Effects of Artificial Intelligence

Stanford Digital Economy Lab / Stanford HAI

This is the most credible source on AI's employment impact on junior developers. The 13% relative decline for ages 22-25 in AI-exposed roles is significant but more nuanced than previously cited '25% decrease'. Key insight: the impact is concentrated where AI automates rather than augments - this supports our team_composition dimension's focus on mentorship and skill development. Updated November 2025.

Key Findings:

• Early-career workers (ages 22-25) in AI-exposed occupations experienced 13% relative decline in employment
• Adjustments occur primarily through employment rather than compensation
• Employment declines concentrated in occupations where AI automates rather than augments labor

Credibility: high

View Source ↗

✓ METR: Experienced devs feel 20% faster while being 19% slower—perception gap is real ⓘ

×

Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity

METR

This is the most rigorous 2025 study on AI coding productivity. The RCT methodology (16 experienced developers, 246 tasks, $150/hr compensation) makes this highly credible. The 39-44 percentage point gap between perceived and actual productivity is the key insight for our trust_calibration dimension. This directly supports recommendations about not over-trusting AI suggestions and maintaining verification practices.

Key Findings:

• Experienced developers were 19% slower with AI
• Developers perceived 20% speedup (39-44 percentage point gap)
• Self-reported productivity may not reflect reality

Credibility: high

View Source ↗

✓ Addy Osmani: Trust but verify: AI as 'Copilot, Not Autopilot' ⓘ

×

The 'Trust, But Verify' Pattern For AI-Assisted Engineering

This article provides the conceptual framework for our trust_calibration dimension. The three principles (Blind Trust is Vulnerability, Copilot Not Autopilot, Human Accountability Remains) directly inform our survey questions. The emphasis on verification over speed aligns with METR findings. Practical guidance includes starting conservatively with AI on low-stakes tasks.

Key Findings:

• Blind trust in AI-generated code is a vulnerability
• AI tools function as 'Copilot, Not Autopilot'
• Human verification is the new development bottleneck

Credibility: high

View Source ↗