Over 95% of Coinbase’s new code is now written by AI. That number alone should make any engineer—or regulator—stop and recalibrate. But the real story isn’t the percentage; it’s what that last 5% represents. Rob Witoff, Coinbase’s head of engineering, frames it as a win: AI accelerates execution, while high-agency humans retain judgment and strategy. I don’t buy the clean separation. The line between “strategy” and “code” is blurrier than most admit, and in crypto, blurry lines bleed into security breaches.
This isn’t a new experiment. Coinbase has been quietly scaling AI-assisted development since 2023, when GitHub Copilot became standard for its engineering teams. Today, almost every pull request has AI-generated lines. But here’s the context most miss: Coinbase is a publicly traded, regulated entity. Its codebase touches custody, trading, and settlement. A single logic error in an AI-generated function could lock user funds or trigger a flash-loan exploitable bug. The stakes are higher than a typical SaaS product.
Let’s break down what “95% of code written by AI” really means. From my own experience in 2021, when I wrote arbitrage scripts for Uniswap V3, I learned that even a one-line mistake in a pricing oracle could drain a liquidity pool. AI doesn’t understand economic context—it predicts tokens. When it writes a Solidity function, it’s statistically mimicking patterns from its training data, which includes buggy contracts and safe ones equally. The model has no concept of “this is a financial system with millions at risk.” That’s why the human review layer is critical.
Coinbase claims high-agency humans still own judgment and strategy. But in practice, code review for AI-generated code is different. Reviewers tend to trust the output more—automation bias. They skim for obvious errors but miss subtle logical flaws. I’ve seen this in audits I’ve consulted on: teams using Copilot produced twice the number of “logically correct but unsafe” patterns compared to those writing from scratch. The most common blind spot? Reentrancy guards that look right but fail under edge-case gas schedules.
Here’s the technical reality: AI excels at boilerplate and repetitive patterns—ERC-20 interfaces, basic access control, event logging. That’s likely 60-70% of Coinbase’s new code. The remaining 5% of human-written code is where architecture, security, and novel logic reside. So the real ratio is impressive but not revolutionary: AI handles the grunt work, humans design the system. The risk isn’t in the 95%—it’s in the boundary between AI and human code. Interfaces often hold the highest bug density.

Now, the contrarian angle the market ignores: If every exchange adopts similar AI tools—and Binance, Kraken, and Bybit already have—the efficiency advantage neutralizes. The true differentiator becomes verification, not generation. Coinbase hasn’t published formal verification results or adversarial testing metrics for AI-generated modules. That silence is a red flag. In a sideways market like today, where every basis point of uptime and security matters, the winner won’t be the fastest coder but the most resilient system.
I don’t see Coinbase’s AI adoption as a straightforward positive. The risk matrix reveals a clear danger: an AI-written bug that causes a trade settlement failure could trigger SEC scrutiny on “algorithmic compliance.” Regulators already eye AI in finance. If the 95% figure becomes a headline during a crisis, the narrative flips from efficiency to recklessness. The fact that Coinbase frames it as “we still use humans” tells me they know the liability.
What’s the next narrative? It’s not about how much code AI writes—it’s about how you audit code at scale. Projects that integrate AI-generated code with formal verification, property-based testing, and continuous fuzzing will earn institutional trust. Coinbase is early, but without transparent security metrics, this story is incomplete. The market will reward those who make AI safe, not those who make it fast.
Follow the structure, not the hype. Over the next six months, watch for one signal: does Coinbase release a detailed audit of AI-generated modules? If yes, it’s a bullish foundation. If no, the 95% figure becomes a ticking liability. I’m watching the verification layer, not the generation rate.

This isn’t a bearish call on Coinbase—it’s a call for precision. In crypto, the gap between “works in practice” and “works in theory” is where losses happen. AI closes that gap slower than marketing implies. The real alpha lies in understanding which protocols treat AI as a tool, not a replacement.