AI code review checklist for safer pull requests
AI is useful in code review when it reduces scanning cost, not when it replaces technical judgment. The failure mode is simple: the review feels fast, but risky assumptions slip through because no one owned the final call.
1. Use AI for first-pass scanning
AI is good at summarizing changed files, spotting repeated patterns, and pointing out obvious omissions. That makes it a strong first-pass filter.
2. Keep ownership on risky decisions
Security, data integrity, auth, payment, and migration logic should never be accepted because an AI review looked confident. Those areas still need explicit manual review.
Examples include permission checks, SQL queries, race conditions around background jobs, and migration scripts that change production data.
3. Check assumptions, not just comments
The most valuable review step is testing whether the AI assumed hidden context. If a suggestion depends on a file, env var, or behavior that does not exist, the review is already off track.
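One way to automate part of this check, as an added example that is not from the original post: the Python below pulls file and env var references out of AI review comments and reports the ones the repository cannot back. The function names, the backtick convention, the extension list, and the sample data are all assumptions made for this example.

```python
import re

# Heuristics (assumptions of this example): references appear in backticks,
# files end in a known extension, env vars are UPPER_SNAKE_CASE.
TOKEN = re.compile(r"`([^`\s]+)`")
FILE_LIKE = re.compile(r"^[\w./-]+\.(?:py|js|ts|go|rb|sql|sh|json|ya?ml|toml)$")
ENV_LIKE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$")


def _file_exists(name, repo_files):
    """True if name is a repo path or a path suffix of one (the root dir is often dropped)."""
    name = name.removeprefix("./")
    return any(f == name or f.endswith("/" + name) for f in repo_files)


def unresolved_references(comments, repo_files, known_env_vars):
    """Return (comment_index, kind, name) for every reference the repo cannot back."""
    findings = []
    for i, text in enumerate(comments):
        for token in TOKEN.findall(text):
            if FILE_LIKE.match(token):
                if not _file_exists(token, repo_files):
                    findings.append((i, "file", token))
            elif ENV_LIKE.match(token) and token not in known_env_vars:
                findings.append((i, "env", token))
    return findings


# Constructed sample data: four AI review comments, a repo listing, declared env vars.
SAMPLE_COMMENTS = [
    "The permission check in `app/auth/policy.py` looks correct.",
    "Rate limiting is already handled by `middleware/throttle.py`, so no change needed.",
    "Rollback is safe because `MIGRATION_DRY_RUN` defaults to true.",
    "`DATABASE_URL` is read in `settings.py`.",
]
SAMPLE_REPO_FILES = ["app/auth/policy.py", "app/settings.py", "migrations/0042_backfill.sql"]
SAMPLE_ENV_VARS = {"DATABASE_URL", "SECRET_KEY"}

if __name__ == "__main__":
    for idx, kind, name in unresolved_references(SAMPLE_COMMENTS, SAMPLE_REPO_FILES, SAMPLE_ENV_VARS):
        print(f"comment {idx}: {kind} reference '{name}' not found; verify manually")
```

A finding means the comment rests on something the reviewer has to confirm by hand; an empty result only says the named files and variables exist, not that the AI described their behavior correctly.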
4. Lock a short checklist
A practical checklist can stay small: changed scope, risky path, missing tests, hidden assumptions, and rollback impact. If AI cannot help you on one of those, the manual reviewer should still cover it.
What to do first
Take one recent pull request and run it through a five-point checklist. Compare that with an AI-assisted pass, then keep only the review steps that clearly reduce time without reducing trust.