Why 76% of Devs Don't Use AI for Deployment: The Trust Gap in Our Tools

General
1

I spent the last quarter analyzing our engineering metrics across three product teams, and one pattern jumped out immediately:

AI tool adoption for coding: 89%
AI tool adoption for deployment: 4%

Four percent.

We trust AI to write our code. We don’t trust it to ship that code to production.

And I think that tells us something critical about where we are in the AI productivity journey - and what’s broken in how we’re measuring it.

The Trust Paradox

Here’s the paradox that should concern every engineering leader:

If AI is making us more productive at writing code, why aren’t we using it for the most time-consuming, error-prone part of the delivery cycle - deployment and release management?

The industry data is stark:

  • 76% of developers don’t use AI for deployment
  • 69% skip it for planning
  • 59% report deployment problems at least half the time when using AI tools

(source)

We’re using AI for the creative part (writing code) but not for the operational part (delivering code). Why?

My Hypothesis: Deployment Requires Understanding of State

After talking to dozens of engineers on our teams, here’s what I believe:

Code generation is stateless. Deployment is stateful.

AI can write a function because:

  • The inputs are clear
  • The outputs are defined
  • The logic is self-contained
  • The context is in the prompt

AI struggles with deployment because:

  • System state is complex and distributed
  • Dependencies are implicit and historical
  • Timing matters (can’t deploy during peak traffic)
  • Rollback requires understanding of data migration state
  • Impact requires domain knowledge (is this breaking? will customers notice?)

You can prompt AI to write code. You can’t prompt it to understand your production environment.

The Incident Rate That Explains Everything

Here’s the number that crystallizes why we don’t trust AI for deployment:

22% of deployments from developers who heavily use AI tools result in a rollback, hotfix, or customer incident.

(source)

That’s one in five deployments failing.

Now imagine if we let AI decide when, how, and what to deploy. That 22% failure rate might be closer to 50%.

Because the failures aren’t random - they’re failures of context understanding. And that’s exactly what AI lacks.

The Visibility Problem We’re Not Solving

The strategic question for CTOs and VPs of Engineering isn’t “Should we use AI for deployment?” - it’s:

“How do we build systems that can track AI-generated code through the entire delivery cycle and understand its production impact?”

Most engineering tools give you fragmented visibility:

  • GitHub shows what code was written (but not if AI helped)
  • CircleCI shows what builds passed (but not why they failed)
  • Datadog shows production errors (but not which originated from AI code)
  • LaunchDarkly shows feature flags (but not the risk profile of what’s behind them)

What’s missing: The connective tissue that links:

  1. Code origin (AI vs. human)
  2. Review quality (thorough vs. rubber-stamped)
  3. Test coverage (comprehensive vs. basic)
  4. Deployment success (clean vs. rolled back)
  5. Production health (stable vs. incidents)

Without that visibility, we’re flying blind.

Main Branch Success Rate: The Early Warning Signal

There’s one metric that’s emerged as the clearest predictor of AI code problems: main branch success rate.

Industry benchmark: 90%
Average for teams with high AI adoption: 70.8%

(source)

That 20-point gap represents:

  • Failed builds that need diagnosis
  • Reverted commits that waste CI/CD cycles
  • Hotfixes that bypass your quality gates
  • Merge conflicts that slow down the team

When your main branch success rate drops below 80%, it doesn’t matter how fast developers can write code - your delivery pipeline is the bottleneck.

And AI code is making it worse, not better.

What Would Make Us Trust AI for Deployment?

I’ve been asking our teams: “What would it take for you to let AI handle deployment?”

The answers cluster around explainability and audit trails:

For AI to deploy, engineers want:

  1. Explainable deployment plans - “I’m deploying X because Y, and here’s my rollback plan if Z”
  2. Risk assessment - “This deployment touches payment processing (high risk) vs. UI copy (low risk)”
  3. State awareness - “Migration #47 already ran in prod, so skip it”
  4. Timing intelligence - “It’s 3pm PST, peak traffic time, wait until 8pm”
  5. Audit trails - “I can explain to an auditor why this deployed when it did”

AI can’t do any of this today.

Not because the AI isn’t smart enough. Because our deployment systems don’t capture the context AI would need.

The Infrastructure We Need to Build

If we want AI to help with deployment (and we should - deployment is tedious, error-prone, and burns out on-call engineers), we need:

1. Deployment Intelligence Platforms

  • Track every deployment: who, what, when, why
  • Correlate deployments with production metrics
  • Learn patterns: “Deployments on Fridays have 2× rollback rate”

2. Risk Scoring Systems

  • Automatically assess: What’s being deployed?
  • Code complexity, test coverage, review thoroughness
  • Production blast radius, customer impact
  • Score 0-100: “This is a safe deploy” vs. “This is risky”

3. Context-Aware CI/CD

  • Not just “can this deploy?” but “should this deploy now?”
  • Time of day, system load, recent incidents, team availability
  • Block deployments that are technically valid but operationally unwise

4. AI Code Lineage Tracking

  • Tag AI-generated code at commit time
  • Track it through review, testing, deployment
  • Measure: AI code success rate vs. human code success rate in production

With that infrastructure, then we could consider AI-assisted deployment.

Without it, we’re just asking for more incidents.

The Cultural Shift Required

Here’s the uncomfortable truth:

If AI deployment fails, someone gets paged at 2am.

That’s why engineers don’t use it. The downside isn’t “this code doesn’t work” - it’s “our customers are down and I have to fix it.”

When AI writes code that breaks in development, it’s an inconvenience.
When AI deploys code that breaks in production, it’s a career-limiting incident.

The trust gap isn’t about AI capabilities. It’s about accountability.

Until we solve “who’s responsible when AI-deployed code fails?”, adoption will stay at 4%.

The Path Forward

I’m not arguing we should use AI for deployment today. I’m arguing we should build the infrastructure that makes AI deployment possible tomorrow.

Because the deployment process is broken even without AI:

  • Too manual
  • Too error-prone
  • Too dependent on tribal knowledge
  • Too stressful for on-call engineers

AI could help - but only if we redesign deployment for the AI era.

That means:

  1. Capturing context that’s currently in people’s heads
  2. Making deployment decisions explainable and auditable
  3. Building risk assessment into the pipeline
  4. Creating feedback loops from production back to code review

The 76% who don’t use AI for deployment aren’t wrong. They’re being rational.

The question is: What do we need to build to make AI deployment rational?

What would it take for you to trust AI with deployment? Or is this a human-only domain forever?

2

Michelle, you’ve articulated something I’ve been feeling but couldn’t quite name: deployment is where accountability lives.

The Organizational Reality

In my EdTech company, here’s how accountability flows:

When a developer writes code:

  • Their name is on the PR
  • Their manager reviews their output
  • But the code doesn’t affect customers yet

When code deploys to production:

  • On-call engineer is responsible
  • VPs get alerted for customer-facing incidents
  • CEO gets involved if customers churn
  • Board asks questions if revenue is impacted

The stakes are completely different.

And that’s why our adoption numbers look exactly like yours:

  • AI for coding: 87%
  • AI for deployment: 0%

Zero. Not even the 4% you’re seeing.

The Cultural Issue: AI Deployment Failures Erode Trust

Here’s what I’m worried about:

If we let AI handle deployment and it fails even once with a high-profile incident, it will poison the well for all AI tooling.

Developers will say: “Remember when we let AI deploy and it took down production for 4 hours? Yeah, I’m not trusting AI for anything important.”

The downside risk is massive. The upside (saving 30 minutes on deployment) is marginal.

That’s a terrible risk/reward ratio.

The Incident That Crystallized This for Me

Three months ago, one of our senior engineers was running late for a family commitment. He was supposed to deploy a feature flag change - low risk, we’d done it a hundred times.

He used an AI coding assistant to generate the deployment script.

The AI suggested: kubectl apply -f config.yaml

Seems reasonable. Except:

  1. We have multiple Kubernetes clusters (dev, staging, prod)
  2. The AI didn’t specify which cluster
  3. The engineer didn’t notice
  4. The script defaulted to prod
  5. A dev-environment config got applied to production
  6. Our main app went down for 47 minutes

Root cause: The AI generated syntactically correct commands without understanding our multi-environment setup.

Cultural impact: Our entire engineering team now refuses to use AI for any ops tasks. Not deployment, not database migrations, not config changes. Nothing.

One incident. Total trust collapse.

The “Who’s Responsible?” Question

Michelle, you nailed it with this:

“Until we solve ‘who’s responsible when AI-deployed code fails?’, adoption will stay at 4%.”

In our incident postmortem, the question came up: “Who’s accountable?”

  • The engineer who ran the AI-generated script? (He reviewed it, but didn’t catch the cluster ambiguity)
  • The AI tool vendor? (Their TOS says “not responsible for output”)
  • The VP of Engineering? (Me, because it happened on my watch)
  • The process? (We didn’t have guardrails to prevent this)

We settled on “process failure” - but that didn’t help the engineer who felt terrible, or the customers who were affected, or the sales team who had to apologize.

AI diffuses responsibility in a way that makes incidents harder to learn from.

What We Need: AI as Advisor, Not Actor

I love your vision of deployment intelligence platforms and risk scoring. But I think we need an intermediate step:

AI as a deployment advisor, not a deployment actor.

Instead of: “AI, deploy this code”

Try: “AI, review my deployment plan and tell me what could go wrong”

The AI could:

  • Check: Is this deploying to the right environment?
  • Verify: Are all prerequisites met? (migrations run, feature flags set, etc.)
  • Assess: What’s the blast radius if this fails?
  • Suggest: Based on time/traffic/recent incidents, is now a good time?
  • Generate: A rollback plan in case things go wrong

Humans make the final decision. AI provides intelligence.

That keeps accountability clear while getting value from AI.

The Infrastructure Changes We Made

After our incident, we implemented:

1. Explicit Environment Validation

  • Every deployment script must declare target environment
  • Scripts won’t run without confirmation: “You are deploying to PROD. Type the environment name to confirm.”

2. Deployment Time Windows

  • Production deploys only allowed: Mon-Thu, 10am-4pm PST
  • Outside that window requires VP approval
  • No Friday deploys, no late-night deploys (unless it’s a hotfix with incident ticket)

3. Automated Pre-Flight Checks

  • Before any deploy: run checks on dependencies, migrations, feature flags
  • If checks fail, deployment is blocked
  • Must fix issues before proceeding

4. Mandatory Rollback Plans

  • Every deploy PR must include: “If this breaks, here’s how to roll back”
  • Reviewed before merge
  • Included in deployment runbook

AI didn’t give us any of this. Humans designed it after humans made a mistake with AI.

The Question for CTOs

@cto_michelle you asked: “What would it take for you to trust AI with deployment?”

My answer: I won’t. Not for the next 5 years at least.

Not because AI isn’t capable. Because the cost of being wrong is too high, and the benefit of being right is too low.

Deployment isn’t our bottleneck. Code review is. Testing is. Architectural decision-making is.

If AI could make code review 50% faster while maintaining quality - I’d invest heavily.

If AI could auto-generate comprehensive test suites - I’d adopt immediately.

But deployment? That’s already fast when you have good CI/CD. The problem isn’t speed, it’s risk management.

I’d rather have slow, safe deployments than fast, AI-powered deployments that might take us down.

What do others think? Am I being too conservative? Or is deployment just fundamentally different from code generation?

3

@cto_michelle this hits at something fundamental in financial services: deployment is audited.

The Compliance Angle Nobody’s Talking About

In our industry, every production deployment must have:

  • Who: Which engineer authorized it?
  • What: Exactly what changed?
  • When: Timestamp (down to the second)
  • Why: Link to ticket/requirement
  • How: Deployment method and approvals
  • Rollback plan: How to undo if it breaks

All of this gets reviewed by:

  • Internal audit team
  • External auditors
  • Bank examiners (for FDIC compliance)
  • SEC if it affects financial reporting

When auditors ask “Why did this deploy on March 15th at 3:47pm?”, the answer cannot be “The AI thought it was a good time.”

They need a human who can explain:

  • What business requirement drove this change
  • Why the timing was appropriate
  • What risk assessment was performed
  • Who approved it at each stage

AI Creates an Accountability Gap

@vp_eng_keisha shared the Kubernetes incident where AI deployed to the wrong environment. In fintech, that would trigger:

  • Immediate incident report to compliance
  • Root cause analysis within 24 hours
  • Remediation plan within 48 hours
  • Process changes documented and audited
  • Potentially: Mandatory Disclosure to regulators

And the question would be: “Who authorized this deployment?”

If the answer is “An AI tool,” that’s… not going to fly.

Even if the engineer “reviewed” the AI’s suggestion, they’d be on the hook for:

  • Not catching the environment error
  • Trusting AI output without sufficient validation
  • Bypassing established deployment procedures

The engineer becomes liable for AI’s mistakes. That’s not a position anyone wants to be in.

The “Explainability” Requirement

Michelle, you mentioned AI needs to provide “explainable deployment plans.” In financial services, that’s not just nice-to-have - it’s legally required.

For any deployment that touches:

  • Customer financial data
  • Transaction processing
  • Regulatory reporting systems
  • Audit trails

We must be able to explain:

  • Every decision point
  • Every risk consideration
  • Every approval step
  • Every control that was in place

AI’s “black box” decision-making doesn’t meet that bar.

Even if AI could perfectly deploy, if we can’t explain how it decided, we can’t use it.

What We’re Doing: Required Human Design, AI Can Suggest

Similar to the code generation approach, we’re piloting:

For any production deployment:

  1. Senior engineer writes deployment plan including:
    • Target environment and validation steps
    • Timing justification (why now?)
    • Rollback procedure
    • Stakeholder notifications
    • Success criteria
  2. Plan gets peer reviewed
  3. Then AI can generate the specific commands
  4. Commands get reviewed against the plan
  5. Human executes (not AI)

This gives us:

  • Audit trail of human decision-making
  • Explainability for each step
  • Accountability (the engineer who wrote the plan)
  • AI value (generating error-free commands from high-level plan)

The Risk Assessment Problem

Michelle mentioned AI needs risk scoring for deployments. In fintech, we already do this manually:

Low risk deployments (can proceed with standard approval):

  • UI copy changes
  • New feature behind feature flag (default off)
  • Internal tooling updates
  • Non-customer-facing improvements

High risk deployments (require VP+ approval):

  • Payment processing changes
  • Database schema migrations
  • Security/authentication updates
  • Regulatory reporting changes

Could AI learn these categories? Maybe.

But when AI gets it wrong and categorizes a high-risk deploy as low-risk, someone goes to jail (potentially).

That’s not hyperbole. In financial services, compliance violations can result in personal criminal liability for executives.

So we’re conservative: Humans categorize risk. Always.

The Trust Question

@vp_eng_keisha asked: “Am I being too conservative?”

From a financial services perspective: No. You’re being appropriately risk-aware.

The benefit of AI deployment:

  • Save 30-60 minutes on manual deployment steps
  • Reduce human error in command syntax

The cost of AI deployment failure:

  • Customer data loss: $$$
  • Regulatory fines: $$$$
  • Reputation damage: $$$$$
  • Personal liability: Career-ending

That’s not a trade-off anyone rational would make.

The Proposal: AI for Deployment Review, Not Deployment Execution

I like Keisha’s “AI as advisor” framing. Here’s how that could work in practice:

Before deployment, AI reviews and flags:

  • :warning: Deploying to prod during peak hours (3pm PST)
  • :warning: No rollback plan documented
  • :warning: Database migration could cause downtime
  • :white_check_mark: All tests passed
  • :warning: Similar deployment caused incident last month
  • :warning: Feature flag not configured in prod yet

This gives us AI value (catching issues humans miss) without AI risk (AI making deployment decisions).

Humans review the flags, humans decide whether to proceed.

Accountability stays clear. Audit trail stays human-readable.

Michelle, I’m curious - are there industries where AI deployment would be appropriate? Maybe internal tools, or non-customer-facing systems, or industries with less regulatory scrutiny?

Or is deployment just fundamentally a “human decision” domain regardless of industry?

4

Coming from design systems, I have a maybe-controversial take:

I don’t want AI deploying my code because AI doesn’t understand user impact.

The Design Perspective: Deployment is When Things Become Real

When code is in a PR, it’s theoretical. When it’s deployed, it’s in front of users.

AI can write code that:

  • Compiles correctly :white_check_mark:
  • Passes tests :white_check_mark:
  • Follows syntax rules :white_check_mark:

But AI can’t answer:

  • Will users notice this change?
  • Is now a good time for them to see it?
  • How will this affect their workflow?
  • What if they’re in the middle of something when it deploys?

Those are human judgment calls, and they matter for deployment timing.

The Story of the Modal Deployment

Remember the accessibility-nightmare modal I mentioned in my other post?

Even after we fixed all the accessibility issues, we still had to decide when to deploy it.

The considerations:

  • It replaced an existing modal that users were familiar with
  • The new design was better, but different
  • Some users had learned workarounds for the old modal’s quirks
  • We needed to coordinate with customer success for support training
  • Marketing wanted to announce it as a feature update
  • We needed to monitor feedback after launch

AI could not have made any of these decisions.

Even if the code was perfect (it wasn’t), deployment timing required understanding of:

  • User behavior patterns
  • Support team capacity
  • Marketing coordination
  • Feedback loops

That’s contextual knowledge AI doesn’t have.

The Fear: AI Would Have Deployed During Peak Hours

Here’s my specific worry with AI deployment:

AI optimizes for technical correctness, not user experience.

If we let AI decide when to deploy, it might choose:

  • Middle of the workday (when tests are green!)
  • During a marketing campaign (it doesn’t know there’s a campaign)
  • Right before a holiday weekend (nobody will be around to monitor)
  • The same day as another team’s big launch (coordination? what’s that?)

A human looks at the calendar and says: “Let’s wait until Tuesday morning when the team is fresh and users aren’t in their end-of-quarter crunch.”

AI doesn’t have that context.

The User Impact AI Doesn’t See

Michelle talked about correlating deployments with production metrics. But there’s a lag:

Technical metrics show up immediately:

  • Error rates spike
  • Performance degrades
  • API latency increases

User experience metrics show up slowly:

  • Support tickets (24-48 hours)
  • User satisfaction surveys (1 week)
  • Churn (30-90 days)

By the time we see that a deployment hurt user experience, the damage is done.

AI doesn’t monitor NPS scores. It doesn’t read support tickets. It doesn’t notice that “technically successful” deployment made the app harder to use.

The Question Nobody’s Asking

“What if AI deploys something that technically works but users hate?”

Example:

  • AI deploys a performance optimization
  • Page load time improves by 200ms (success!)
  • But the optimization changed animation timing
  • Users find the new animation “jarring” and “unpleasant”
  • Satisfaction scores drop
  • Some users switch to competitor

Technical success. User experience failure.

AI optimizes for the first metric, not the second.

What I Want Instead: AI for Deployment Impact Preview

Rather than AI executing deployments, I want AI to preview deployment impact:

Before deploying, AI analyzes:

  • What UI elements are changing?
  • Which users will see the changes?
  • What time of day has lowest active user count?
  • Are there other deployments scheduled nearby?
  • What was user feedback last time we changed this component?
  • Are there support articles that need updating?

This helps humans make better deployment decisions, without taking the decision away from humans.

The “Deployment is When Craft Meets Users” Philosophy

As a designer, I think about deployment as:

The moment when our work becomes real for the people we’re designing for.

That moment deserves:

  • Intention (we chose this timing thoughtfully)
  • Attention (we’re monitoring feedback closely)
  • Care (we’re ready to respond if users struggle)

AI can help with monitoring. It can flag issues. It can suggest timing.

But the decision to say “Yes, deploy this now, to these users, in this way” - that should be human.

Because we’re deploying for humans. We should decide as humans.

Maybe I’m too idealistic. Maybe deployment will be automated eventually and I’m clinging to an outdated notion of craftsmanship.

But until AI understands user experience as well as it understands code syntax, I don’t want it in control of when users see our work.

@cto_michelle - your deployment intelligence platform idea is great. But I’d use it to inform human decisions, not replace them.

Am I overthinking this from a design lens? Or is “user impact awareness” actually a critical deployment skill that AI lacks?

5

This thread is fascinating because everyone’s describing the same fear from different angles: AI deployment = loss of control over customer impact.

The Business Risk Calculation

Let me translate all these concerns into the language I use with our board:

AI Deployment Risk Matrix:

Risk Type Probability Impact Example
Technical failure 22% High Deployment breaks production
Timing failure 60% Medium Deploy during peak usage
Compliance failure 5% Severe Deploy without audit trail
UX failure 40% Medium-High Deploy change users hate
Coordination failure 50% Medium Deploy conflicts with another team

Even if AI gets technical correctness to 95%, the other failure modes make total deployment automation unacceptably risky.

The Question I’m Taking to Engineering

After reading this thread, here’s what I’m going to ask our CTO:

“What’s the actual time savings of AI deployment vs. the risk cost?”

Let’s say AI could save us:

  • 30 minutes per deployment
  • 20 deployments per week
  • 10 hours per week saved

But if AI-driven deployment increases incident probability from 2% to 22% (the stat Michelle cited):

  • 4.4 deployments per week with incidents (vs. 0.4 currently)
  • Each incident costs ~8 hours to diagnose + fix + communicate
  • 35 hours per week lost to incident response

Net productivity: -25 hours per week

The math doesn’t work. At all.

What Would Make the Math Work?

For AI deployment to make business sense, we’d need:

1. Incident rate parity

  • AI deployments can’t be riskier than human deployments
  • Need to get that 22% down to 2%
  • Requires: All the infrastructure Michelle described (risk scoring, context awareness, etc.)

2. Rollback automation that actually works

  • If AI deploys and something breaks, AI must auto-rollback
  • Can’t wait for humans to notice and fix
  • Requires: Real-time production health monitoring tied to deployment system

3. Scoped deployment authority

  • AI can deploy low-risk changes (UI copy, internal tools)
  • Humans must approve high-risk deploys (payments, data migrations, security)
  • Requires: Accurate risk classification (which AI isn’t good at yet)

4. Clear accountability

  • When AI-deployed code causes customer impact, there’s a clear owner
  • Not “the AI did it” but “this human authorized AI deployment of this category”
  • Requires: Legal/compliance framework that hasn’t been built yet

The Strategic Question: Where Else Could We Use AI?

Here’s what bugs me about the AI deployment conversation:

We’re arguing about automating something that isn’t actually our bottleneck.

@vp_eng_keisha said it perfectly: “Deployment isn’t our bottleneck. Code review is.”

From a product perspective, if we could invest AI resources in one area, I’d choose:

1. Automated test generation (would save way more time than deployment automation)
2. Intelligent code review (flag issues before humans review)
3. User research synthesis (help PMs understand customer feedback faster)
4. Deployment impact analysis (what Maya suggested - preview impact, don’t execute)

All of these would improve velocity without increasing customer risk.

AI deployment automation improves velocity by increasing customer risk. That’s backwards.

The Framework I’m Using

When evaluating “should AI do this?”, I ask:

Three Questions:

  1. Is this a bottleneck? (Does automation actually speed things up?)
  2. Can AI do it better than humans? (Quality, not just speed)
  3. If AI fails, what’s the blast radius? (Customer impact)

For AI deployment:

  1. :cross_mark: Not really a bottleneck (our deployments take 10-15 min, that’s fine)
  2. :cross_mark: No - AI has 22% incident rate vs. 2% human rate
  3. :cross_mark: Huge blast radius - customer-facing production failures

For AI code review assistance:

  1. :white_check_mark: Yes - review is our #1 bottleneck (91% increase in review time)
  2. :white_check_mark: Potentially - AI could flag obvious issues, let humans focus on architecture
  3. :white_check_mark: Low blast radius - humans still make final decision, bad suggestions just slow review slightly

I’d invest in #2, not #1.

What I’m Proposing to Our Team

Instead of “AI deployment automation,” I’m proposing:

“AI-assisted deployment decision support”

The AI doesn’t deploy. It helps humans deploy better by:

  • Analyzing: Is now a good time? (traffic, other deploys, on-call schedule, recent incidents)
  • Suggesting: Best deployment window in next 48 hours
  • Previewing: What could go wrong? (past incidents, dependency analysis, blast radius)
  • Validating: Are all prerequisites met? (migrations, feature flags, monitoring, rollback plan)
  • Monitoring: After deploy, watch for early warning signs and alert humans

Humans still press the button. But AI makes the button press smarter.

That gets us most of the value (better deployment decisions) with none of the risk (AI failures causing customer incidents).

Michelle, you asked: “What would make us trust AI for deployment?”

My answer: Don’t aim for trust. Aim for assistance.

We don’t need to trust AI to deploy. We need AI to help us deploy better.

That’s a much more achievable goal, and probably a more valuable one too.

What do you think - is “AI-assisted deployment” the right middle ground? Or am I just inventing a less scary way to say “we’re not doing AI deployment”?