A lot of that anxiety comes from so-called "vibe coding." Vibe coding means using AI to build software by merely describing requirements, without worrying much about structure, testing, or long-term maintenance. Vibe coding can feel reckless (because it is). As if "moving fast and breaking things" at human speed wasn't scary enough; now we can break things with lightspeed automation. Use vibe code in production? No way.
AI coding has clear potential for productivity gain, but only if insurers address two obstacles:
- Obstacle 1: AI-generated code needs to be safe enough for production use
- Obstacle 2: AI-generated code must work with existing systems
Without addressing these issues, AI-generated code is limited to standalone prototyping. That does indeed have value, but the real opportunity comes from moving past the two obstacles.
Over time, we've developed practical ways to make AI-generated code production-ready.
Solving Obstacle 1: Making AI-Generated Code Safe for Production
An LLM can write a research report for me in seconds, but I would never publish the result as is. Code is no different. AI-generated code should be treated like code written by a very junior engineer. It should never go directly into production. Frankly, no code—whether written by a human or AI—should go directly into production!
Here are some best practices for making it safe.
- Engineer Code Review: Experienced engineers need to review AI-generated code, as they would review a junior engineer's code before putting it into production.
- Unit Tests: Unit tests are highly valuable, but it's dangerous to let AI generate these. If the AI misunderstands your requirements and generates a bug, it'll probably misunderstand your requirements for the test too. The AI is likely to write unit tests that actually pass only if the bug is there!
- Integration Tests: Integration tests validate the contracts between components. Most production failures occur here, not inside isolated functions. AI often models these complex interactions too simply: over-mocking dependencies, testing only happy paths, and ignoring real failure modes. Integration tests require judgment about how the systems are intended to collaborate. AI can generate integration tests, but you need to review the tests thoroughly and hand-write any test cases that AI missed.
- End-to-End Tests: I have some good news: here is a place where AI works great! Use AI to specify tests for overall user-level workflows, which will only pass if the entire system is working as expected.
- Static and Dynamic Code Analysis: All the tools that review engineers' code quality can also review AI-generated code. There are many popular tools such as SonarQube, CodeQL, and OWASP ZAP. Choose some good ones and use them.
- Code-Generation Tool Selection: The best AI tool to use is a matter of opinion and will likely change faster than your browser can refresh this page! At the moment, popular code-generation tools include Codex from ChatGPT, Claude Code from Anthropic, and Cursor. Keep watch on the latest developments and be prepared to change when something better comes. Most importantly, only use AI tools approved by your security team.
- Security Team Collaboration: Every insurer has a security team. All developers should work closely with their security teams to keep up with AI's rapidly evolving capabilities and vulnerabilities.
Solving Obstacle 2: Integrating AI-Generated Code with Other Systems
We've now covered best practices for high-velocity, production-ready AI-generated code. That's great if it's all you need, but in the enterprise, code doesn't operate in isolation. Most insurance software (certainly most insurance core software) wasn't engineered with AI in mind, and that can drastically reduce the benefits of AI for the enterprise.
Here are the things that make software compatible with AI-generated code. They are a must-have list when selecting enterprise software vendors.
Look For Modular Design
Remember when I said AI-generated code should be treated like code written by a very junior engineer? If you give a junior engineer the keys to your whole code base, you can expect an intractable amount of code reviewing before you can ship it. They need guardrails, and so does AI.
This is why modularity (with well-defined contracts!) is highly important. If the architecture is divided into well-defined plugins, configurations, and integrations, and all the connection points use open standards that are well documented, you can give AI these small components and reasonably review and test each one.
Look For Open Languages and Formats
Code-generating AIs are trained on all mainstream programming languages and file formats. They all know Java, Python, and JavaScript. They also know JSON, CSV, and RESTful APIs. Unfortunately for insurers, a lot of insurance core platforms have invented proprietary languages and file formats, which no LLMs are trained on. Insurers have great difficulty trying to use AI-generated code around these systems.
Look For Documentation
Whether it be APIs, configuration syntax, or system architectures, engineers hate it when they have to ask vendors for information that should be provided in documentation. Whereas humans have the privilege of calling support or emailing other engineers, AI gets stuck.
Insurers today need to look at their vendors' documentation with a very critical eye. In the past, poor documentation was acceptable when supplemented with weeks of training and continuing access to experts. This model is annoying with human developers, but it totally breaks with AI-generated code.
Look For Data-Fluent Systems
From report generation to business intelligence to data lake integrations, many use cases for AI-generated code deal with data. Your AI-generated software will be no better with data than the enterprise software it relies on.
- Data fluency for an enterprise software means:
- Strong APIs for accessing individual records
- Included data lake for mass queries
- Webhooks and delta file exports for keeping external systems updated in real time
- High-speed server responses for all data retrieval operations
- High uptime so data is always available
- Real-time data consistency across the system
If your enterprise platform doesn't have strong APIs, then your AI will struggle to write code to interact with it. If it can't support mass queries, then your AI can't generate reports for you. If the system is slow, the code your AI generates will be slow. If the system has frequent downtime…you get the idea.
If the flow of data around your enterprise is too complicated and asynchronous that your own engineers struggle to add new capabilities, then your AI-generated code will struggle too.
Look For MCP Servers
Model Context Protocol (MCP) is currently the most popular standard for connecting AI with other software platforms. A modern enterprise software platform has user interfaces for human interaction, APIs for external software interaction, and MCP servers for external AI interaction.
This is admittedly off-topic when evaluating enterprise software's ability to integrate well with AI-generated code, but any enterprise software must be considered AI-compatible. With an MCP server, the latest LLMs require no code at all to connect with enterprise platforms. This is why MCP is supported by such enterprise software giants as Salesforce, Snowflake, Atlassian, and HubSpot, among others.
Conclusion
AI-assisted development is here, and it's already too powerful for insurers to ignore. Like any powerful tool, it can be immensely valuable or immensely dangerous. Insurers today can safely realize 75% reductions in their development costs and a 2x increase in their IT velocity if they use best practices and work with AI-compatible platforms.
As AI continues its rapid pace of development, smart platform decisions today will amplify into massive future advantages.
