When NOT to Use AI for Coding

AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably makes things worse, and the human-only judgment calls AI cannot replace.

11 min · Reviewed 2026

Not Every Nail Wants This Hammer

Defaulting to AI for every coding task is like defaulting to a chainsaw for every cut. Sometimes you need a scalpel. Sometimes you need a butter knife. The mature engineer knows when to put the chainsaw down.

Categories where AI reliably degrades quality

Category	Why AI fails	Use instead
Cryptography	Off-by-one in a hash invalidates security	Vetted libraries (libsodium, ring, NaCl) — no rolling your own
Database migrations on prod data	Irreversible — no test catches lost rows after the fact	Reviewed migrations, dry runs, backups, ops
Performance-critical inner loops	Optimizations are non-obvious, profiling-driven	Profiler + human; AI for explanation, not generation
Auth and authorization logic	Subtle bugs become CVEs	Established libraries; security review for changes
Code that interprets legal/policy text	Hallucination meets liability	Lawyer-reviewed; AI as draft only with human verification
Anything you can't roll back	Mistakes compound; review tax can't catch them	Manual + checklists + four-eyes

Tasks where AI shines vs. where it fails

Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passing tests
Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends on private domain knowledge
Catastrophic: AI-generated database migrations on production, AI-generated security reviews, AI-generated regulatory compliance code

Domain knowledge AI does not have

Models are trained on public code. Your codebase has private knowledge: which deprecated function is still used by a customer, which weird edge case Sarah from accounting depends on, which test is flaky for a real reason and which is flaky for a fake reason. AI cannot know any of this. If a task hinges on this knowledge, AI's contribution will be plausible noise.

Compliance and audit-track work

HIPAA-regulated handling of PHI: every line needs a documented author
PCI-regulated payment flow code: same
SOC 2 audit-trail code: AI authorship complicates traceability
Open-source projects with copyright provenance requirements

When you DO use AI in dangerous categories

# Risk-graded AI use, in increasing caution:

LOW   — Use AI freely:
  scaffolds, tests for safe code, internal tooling, docs, DX scripts

MED   — Use AI as drafter, human edits final:
  business logic, API endpoints, UI components, integrations

HIGH  — AI explains, human writes:
  novel algorithms, perf-critical code, complex SQL on large tables

PROHIBITED — No AI authorship:
  cryptography, auth, prod migrations, financial transfers,
  legal/regulatory code, anything irreversible at scaleA simple four-tier rubric you can apply per file or per repo.

The human-only decisions

Should we build this at all? (product judgment)
Is this user request a good use of company time? (priority)
Is this PR's tradeoff between speed and quality acceptable? (taste)
Will this change cause political problems with team X? (org context)
Is this commit message honest? (integrity)

Practical signals that you should put the AI down

You've been at it 90 minutes and the code is worse than when you started
You can't articulate the requirements clearly enough to prompt — go think first
You're rejecting every suggestion — your instinct is telling you something the AI can't help with
The bug is in code that touches money, identity, or safety — get a human reviewer
You're tempted to commit AI code without reading it because you're tired — that's the signal to stop entirely

The skill is not using AI for everything. It's knowing what not to use it for.
— A skeptical principal engineer

The big idea: AI is a tool with a strong default-on bias. The mature move is to actively decide where it does not belong. Cryptography, irreversible operations, compliance-heavy paths, and decisions that need your private context are categories where the right amount of AI is zero.

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coding-debug-when-not-to-use-ai-creators

What is the core idea behind "When NOT to Use AI for Coding"?
1. AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably makes things worse, and the human-only judgment calls AI cannot replace.
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
Which term best describes a foundational idea in "When NOT to Use AI for Coding"?
1. irreversibility
2. fit-for-purpose
3. domain knowledge
4. compliance
A learner studying When NOT to Use AI for Coding would need to understand which concept?
1. fit-for-purpose
2. domain knowledge
3. irreversibility
4. compliance
Which of these is directly relevant to When NOT to Use AI for Coding?
1. fit-for-purpose
2. irreversibility
3. compliance
4. domain knowledge
Which of the following is a key point about When NOT to Use AI for Coding?
1. Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passin…
2. Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
3. Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends o…
4. Catastrophic: AI-generated database migrations on production, AI-generated security reviews, AI-gene…
Which of these does NOT belong in a discussion of When NOT to Use AI for Coding?
1. Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
2. Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends o…
3. mental model
4. Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passin…
Which statement is accurate regarding When NOT to Use AI for Coding?
1. PCI-regulated payment flow code: same
2. SOC 2 audit-trail code: AI authorship complicates traceability
3. HIPAA-regulated handling of PHI: every line needs a documented author
4. Open-source projects with copyright provenance requirements
Which of these does NOT belong in a discussion of When NOT to Use AI for Coding?
1. mental model
2. SOC 2 audit-trail code: AI authorship complicates traceability
3. HIPAA-regulated handling of PHI: every line needs a documented author
4. PCI-regulated payment flow code: same
What is the key insight about "The irreversibility test" in the context of When NOT to Use AI for Coding?
1. Before you let AI write or run something, ask: if this is wrong, can I undo it cleanly? If the answer is no — production…
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
What is the key insight about "Disclosure is becoming standard" in the context of When NOT to Use AI for Coding?
1. mental model
2. Many companies and OSS projects now require disclosure of AI-generated commits.
3. Concurrent calls if the function is async — does it race?
4. complexity
Which statement accurately describes an aspect of When NOT to Use AI for Coding?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. Defaulting to AI for every coding task is like defaulting to a chainsaw for every cut. Sometimes you need a scalpel.
4. complexity
What does working with When NOT to Use AI for Coding typically involve?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. complexity
4. Models are trained on public code. Your codebase has private knowledge: which deprecated function is still used by a customer, which weird e…
Which of the following is true about When NOT to Use AI for Coding?
1. The big idea: AI is a tool with a strong default-on bias. The mature move is to actively decide where it does not belong.
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
Which best describes the scope of "When NOT to Use AI for Coding"?
1. It is unrelated to ai-coding workflows
2. It focuses on AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably m
3. It applies only to the opposite beginner tier
4. It was deprecated in 2024 and no longer relevant
Which section heading best belongs in a lesson about When NOT to Use AI for Coding?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. Categories where AI reliably degrades quality
4. complexity

← Back to interactive lesson

Tendril · Creators · AI-Assisted Coding

When NOT to Use AI for Coding

AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably makes things worse, and the human-only judgment calls AI cannot replace.

11 min · Reviewed 2026

Not Every Nail Wants This Hammer

Categories where AI reliably degrades quality

Category	Why AI fails	Use instead
Cryptography	Off-by-one in a hash invalidates security	Vetted libraries (libsodium, ring, NaCl) — no rolling your own
Database migrations on prod data	Irreversible — no test catches lost rows after the fact	Reviewed migrations, dry runs, backups, ops
Performance-critical inner loops	Optimizations are non-obvious, profiling-driven	Profiler + human; AI for explanation, not generation
Auth and authorization logic	Subtle bugs become CVEs	Established libraries; security review for changes
Code that interprets legal/policy text	Hallucination meets liability	Lawyer-reviewed; AI as draft only with human verification
Anything you can't roll back	Mistakes compound; review tax can't catch them	Manual + checklists + four-eyes

Tasks where AI shines vs. where it fails

Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passing tests
Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends on private domain knowledge
Catastrophic: AI-generated database migrations on production, AI-generated security reviews, AI-generated regulatory compliance code

Domain knowledge AI does not have

Compliance and audit-track work

HIPAA-regulated handling of PHI: every line needs a documented author
PCI-regulated payment flow code: same
SOC 2 audit-trail code: AI authorship complicates traceability
Open-source projects with copyright provenance requirements

When you DO use AI in dangerous categories

# Risk-graded AI use, in increasing caution:

LOW   — Use AI freely:
  scaffolds, tests for safe code, internal tooling, docs, DX scripts

MED   — Use AI as drafter, human edits final:
  business logic, API endpoints, UI components, integrations

HIGH  — AI explains, human writes:
  novel algorithms, perf-critical code, complex SQL on large tables

PROHIBITED — No AI authorship:
  cryptography, auth, prod migrations, financial transfers,
  legal/regulatory code, anything irreversible at scaleA simple four-tier rubric you can apply per file or per repo.

The human-only decisions

Should we build this at all? (product judgment)
Is this user request a good use of company time? (priority)
Is this PR's tradeoff between speed and quality acceptable? (taste)
Will this change cause political problems with team X? (org context)
Is this commit message honest? (integrity)

Practical signals that you should put the AI down

You've been at it 90 minutes and the code is worse than when you started
You can't articulate the requirements clearly enough to prompt — go think first
You're rejecting every suggestion — your instinct is telling you something the AI can't help with
The bug is in code that touches money, identity, or safety — get a human reviewer
You're tempted to commit AI code without reading it because you're tired — that's the signal to stop entirely

The skill is not using AI for everything. It's knowing what not to use it for.
— A skeptical principal engineer

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-coding-debug-when-not-to-use-ai-creators

What is the core idea behind "When NOT to Use AI for Coding"?
1. AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably makes things worse, and the human-only judgment calls AI cannot replace.
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
Which term best describes a foundational idea in "When NOT to Use AI for Coding"?
1. irreversibility
2. fit-for-purpose
3. domain knowledge
4. compliance
A learner studying When NOT to Use AI for Coding would need to understand which concept?
1. fit-for-purpose
2. domain knowledge
3. irreversibility
4. compliance
Which of these is directly relevant to When NOT to Use AI for Coding?
1. fit-for-purpose
2. irreversibility
3. compliance
4. domain knowledge
Which of the following is a key point about When NOT to Use AI for Coding?
1. Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passin…
2. Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
3. Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends o…
4. Catastrophic: AI-generated database migrations on production, AI-generated security reviews, AI-gene…
Which of these does NOT belong in a discussion of When NOT to Use AI for Coding?
1. Mixed: novel algorithms, performance optimization, debugging unfamiliar codebases
2. Fails: cryptography, novel concurrency primitives, anything safety-critical, anything that depends o…
3. mental model
4. Shines: boilerplate, regex, glue code, file format conversion, test scaffolds, refactors with passin…
Which statement is accurate regarding When NOT to Use AI for Coding?
1. PCI-regulated payment flow code: same
2. SOC 2 audit-trail code: AI authorship complicates traceability
3. HIPAA-regulated handling of PHI: every line needs a documented author
4. Open-source projects with copyright provenance requirements
Which of these does NOT belong in a discussion of When NOT to Use AI for Coding?
1. mental model
2. SOC 2 audit-trail code: AI authorship complicates traceability
3. HIPAA-regulated handling of PHI: every line needs a documented author
4. PCI-regulated payment flow code: same
What is the key insight about "The irreversibility test" in the context of When NOT to Use AI for Coding?
1. Before you let AI write or run something, ask: if this is wrong, can I undo it cleanly? If the answer is no — production…
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
What is the key insight about "Disclosure is becoming standard" in the context of When NOT to Use AI for Coding?
1. mental model
2. Many companies and OSS projects now require disclosure of AI-generated commits.
3. Concurrent calls if the function is async — does it race?
4. complexity
Which statement accurately describes an aspect of When NOT to Use AI for Coding?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. Defaulting to AI for every coding task is like defaulting to a chainsaw for every cut. Sometimes you need a scalpel.
4. complexity
What does working with When NOT to Use AI for Coding typically involve?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. complexity
4. Models are trained on public code. Your codebase has private knowledge: which deprecated function is still used by a customer, which weird e…
Which of the following is true about When NOT to Use AI for Coding?
1. The big idea: AI is a tool with a strong default-on bias. The mature move is to actively decide where it does not belong.
2. mental model
3. Concurrent calls if the function is async — does it race?
4. complexity
Which best describes the scope of "When NOT to Use AI for Coding"?
1. It is unrelated to ai-coding workflows
2. It focuses on AI is a power tool. Some tasks are wrong for it. Learn the categories where AI assistance reliably m
3. It applies only to the opposite beginner tier
4. It was deprecated in 2024 and no longer relevant
Which section heading best belongs in a lesson about When NOT to Use AI for Coding?
1. mental model
2. Concurrent calls if the function is async — does it race?
3. Categories where AI reliably degrades quality
4. complexity

← Back to interactive lesson