Amazon lost 6.42 million orders in 3 days in early March 2026. Two separate incidents. Both tied to AI-generated changes reaching production without adequate review. That is not a cautionary tale about the future of AI in software development. That is a post-mortem from last week.
The Harness report, released March 11, puts numbers on what a lot of engineers already felt. Among developers using AI coding tools multiple times daily, 69% report frequent deployment problems. Security incidents are up for 53% of those same heavy users. Average incident recovery runs 7.6 hours, compared to 6.3 hours for weekly users. The more you lean on the tools, the worse your recovery looks. That is not a coincidence. That is the tradeoff the press releases skipped.
Speed Without a Safety Net Is Just Faster Falling
Cursor and Claude Code generate entire features now. GitHub Copilot users accept roughly 30% of suggestions. At that acceptance rate, across a large org, the volume of AI-authored code reaching review queues is substantial. The problem is not the code quality in isolation; it is that 73% of teams lack standardized deployment pipelines, and only 21% can build and deploy in under 2 hours. You have accelerated the input and left the output process untouched. Every pipeline bottleneck that existed before AI is now under more pressure, processing faster, with less margin for the manual QA that used to catch the weird stuff.
Amazon's internal document on the March 2 incident said it plainly: GenAI usage in control plane operations will accelerate exposure of sharp edges and places where guardrails do not exist. That sentence should be pinned in every engineering org that added Copilot to the standard toolchain and called it a productivity initiative.
The AI security agent failures documented March 13 are a separate but related problem. Claude Code, OpenAI Codex, and Gemini all repeated basic flaws: missing OAuth state parameters, insecure linking patterns. These are not obscure edge cases. They are the kind of thing a second pair of human eyes catches in review. When AI generates the code and AI reviews the code, you need to ask whether you have actually added a check or just created the appearance of one.
Amazon's Fix Works Until It Doesn't
Amazon's response was a 90-day reset, dual reviews, and senior sign-offs for AI-generated changes. I understand why they did it. It also does not scale. If AI triples your code output and your review process stays linear, the backlog becomes the new outage risk. You solve the immediate problem and defer a larger one.
The fair point for the other side: these tools do accelerate delivery, and most of the deployment problems are not in the AI, they are in the pipelines AI is exposing. Automating those pipelines is the right answer. I agree. But that argument is being used to absolve the tools of accountability for shipping code that actively introduces vulnerabilities, and that is where it breaks down for me.
The specific fix I want to see is not more human review; it is automated gate enforcement before merge. Feature flags, staged rollouts, automated regression suites that run on every AI-generated commit before it touches production. Tools like Harness and ArgoCD already support this. The adoption rate just has not kept pace with how aggressively teams are deploying AI-generated code.
You do not slow down AI adoption. You build the safety net first, then accelerate. Amazon learned that at 6.42 million orders. You can learn it cheaper.
