Do you remember this Quora comment (which also became a meme)?
(Source: Quora,
In the pre-Large Language Model (LLM) StackOverflow era, the challenge was sensible Who Code snippets to effectively adopt and customize. Now, while it has become moderately easier to create code, the more serious challenge lies in reliably identifying and integrating high-quality, enterprise-grade code into production environments.
This article will examine the practical pitfalls and limitations when engineers use modern coding agents for real enterprise work, addressing more complex issues around integration, scalability, accessibility, evolving security practices, data privacy, and maintainability in live operational settings. We hope to balance the hype and provide a more technically based view of the capabilities of AI coding agents.
Limited domain understanding and service limitations
AI agents struggle greatly with designing scalable systems due to the sheer lack of options and severe lack of enterprise-specific context. To describe the problem in broad strokes, large enterprise codebases and monorepos are often too vast for agents to learn directly from them, and critical knowledge can often be fragmented into internal documentation and personal expertise.
More specifically, many popular coding agents face service limitations that hinder their effectiveness in large-scale environments. For repositories larger than 2,500 files or indexing features may fail due to memory constraints or quality may degrade. Additionally, files larger than 500 KB are often excluded from indexing/search, which affects decades-old, established products with large code files (although newer projects may encounter this less frequently).
For complex tasks involving extensive file references or refactoring, developers are expected to provide relevant files and clearly define the refactoring process and surrounding build/command sequences to validate the implementation without introducing feature regressions.
Lack of hardware context and usage
AI agents have demonstrated a serious lack of awareness regarding the OS machine, command-line, and environment installation (conda/venv). This shortcoming can lead to frustrating experiences, such as the agent attempting to execute Linux commands on Powershell, resulting in persistent ‘unrecognized command’ errors. Furthermore, agents often exhibit inconsistent ‘wait tolerance’ in reading command output, especially on slower machines, declaring inability to read the result prematurely before the command has finished (and proceeding to either retry/abandon).
It’s not just about this nitpicking features; Rather, the devil is in these practical details. These experience gaps appear as real points of friction and require constant human vigilance to monitor agent activity in real time. Otherwise, the agent may ignore the initial tool call information and either close prematurely, or proceed with a half-baked solution, which requires undoing some/all changes, re-triggering signals, and wasting tokens. Submitting a prompt on Friday evening and expecting the code to be updated when you check on Monday morning is not a guarantee.
hallucinations end Repeated action
Working with AI coding agents often presents a prolonged challenge of hallucinations, or large variations of incorrect or incomplete information (such as small code snippets), which a developer is expected to fix with minimal effort. However, what becomes especially problematic is when it is mistreated. Repeated Within the same thread, users are forced to either start a new thread and provide all context again, or manually intervene to “unblock” the agent.
For example, during Python function code setup, an agent implementing complex production-readiness changes encountered a file (see below) containing special characters (parentheses, period, asterisk). These letters are very common in computer science to denote software version,
(The image is created manually with boilerplate code. Source: Microsoft Learn And Editing the application host file (host.json) in the Azure portal,
The agent mistakenly marked it as unsafe or of harmful value, causing the entire production process to halt. This misidentification of the adversary attack was repeated 4 to 5 times despite various prompts to restart or continue the modification. This versioning format is actually boilerplate, which exists in the Python HTTP-triggered code template. The only successful solution involved instructing the agent No Read the file, and instead simply request him to provide the desired configuration and be assured that the developer will manually add it to that file, confirm, and ask to continue with the remaining code changes.
The inability to exit the faulty agent output loop repeatedly within the same thread highlights a practical limitation that wastes considerable development time. In short, developers now spend time debugging/refining AI-generated code instead of StackOverflow code snippets or their own.
Lack of enterprise-grade coding practices
Security Best Practices: Coding agents often default to less secure authentication methods such as key-based authentication (client secret) rather than modern identity-based solutions (such as Entra ID or federated credentials). This oversight can introduce significant vulnerabilities and increase maintenance overhead, as key management and rotation are complex tasks that are increasingly restricted in enterprise environments.
Old SDKs and reinventing the wheel: Agents cannot consistently take advantage of the latest SDK methods, generating more verbose and difficult-to-maintain implementations instead. Based on the Azure Function example, agents output code using the pre-existing v1 SDK for read/write operations, instead of the cleaner and more maintainable v2 SDK code. Developers should research the latest best practices online to have a mental map of dependencies and expected implementations that ensures long-term maintainability and minimizes upcoming technical migration efforts.
Limited intent detection and repetitive code: Even for small-scope, modular tasks (which are typically encouraged to reduce confusion or debugging downtime) such as extending an existing function definition, agents can follow instructions. Literally and produce arguments that prove almost repetitive without anticipating what is to come latent Developer needs. That is, the agent in these modular tasks cannot automatically identify and refactor similar logic in shared tasks or improve class definitions, making it difficult to manage codebases with technical debt and particularly vibe coding or lazy developers.
Simply put, those viral YouTube reels that demonstrate rapid zero-to-one app development from a single-sentence prompt fail to capture the subtle challenges of production-grade software, where security, scalability, maintainability, and future-proof design architectures are paramount.
confirmation bias alignment
Confirmation bias is a significant concern, as LLMs often confirm user premises, even when the user expresses doubt and asks the agent to refine their understanding or suggest alternative ideas. This trend, where models align with what the user wants to hear, leads to lower overall output quality, especially for more objective/technical tasks like coding.
there is abundant literature To suggest that if a model says “You’re perfect!” As the output of the claim begins, the rest of the output tokens justify the claim.
constant need for child care
Despite the allure of autonomous coding, the reality of AI agents in enterprise development often demands constant human vigilance. Examples such as agents attempting to execute Linux commands on PowerShell, introducing false-positive security flags or inaccuracies for domain-specific reasons highlight significant gaps; Developers can’t walk away that easily. Rather, they must constantly monitor the logic process and understand multi-file code additions to avoid wasting time with shoddy responses.
The worst possible experience with agents is that a developer accepts a bug-filled multi-file code update, then wastes time debugging because of how ‘pretty’ the code looks. This can also lead to sunk cost fallacy Hopefully the code will work after just a few tweaks, especially when updates are to multiple files in a complex/unfamiliar codebase with connections to multiple independent services.
This is akin to collaborating with a 10-year-old genius who has memorized substantial knowledge and even addresses every part of the user’s intent, but prefers to show off that knowledge rather than solve the actual problem, and lacks the foresight needed for success in real-world use cases.
it "babysitting" The necessity, coupled with the frustrating repetition of hallucinations, means that the time spent debugging AI-generated code can eclipse the time savings anticipated with the use of an agent. Needless to say, developers in large companies need to be very intentional and strategic in navigating modern agentic tools and use-cases.
conclusion
There’s no doubt that AI coding agents are nothing short of revolutionary, accelerating prototyping, automating boilerplate coding and changing the way developers create. The real challenge now is not producing the code, but knowing what to send, how to secure it and where to scale it. Smart teams are learning to filter out hype, use agents strategically, and double down on engineering decisions.
GitHub as CEO Thomas Dohmke recently observed: The most advanced developers “have moved from writing code to architecting and validating the implementation work performed by AI agents.” In the agentic age, success does not belong to those who can code, but to those who can engineer long-lasting systems.
Rahul Raja is a staff software engineer at LinkedIn.
Advitya Ghemawat is a Machine Learning (ML) Engineer at Microsoft.
Editors’ Note: The opinions expressed in this article are the personal opinions of the authors and do not reflect the opinions of their employers.
<a href