Esteban Sancho

He works at the intersection of software, organizations, and human behavior. He helps teams build better systems and writes about why well-intended efforts so often fail to deliver.

4 minute read

Enterprises spent millions on AI tools. Developers got faster. Tasks completed quicker.

Sprint velocity didn’t move.

The CFO wants to know where the ROI is. Startups are building MVPs in three weeks. Solo developers are shipping 10x faster.

Everyone has access to the same AI models, the same coding assistants. The gap isn’t the tools.

It’s whether you’ve moved from code-first to spec-driven development, where AI generates implementation and humans review architecture. That’s the workflow shift separating 10% gains from 10x.

Spec-driven: define the system clearly, AI generates implementation, humans review architecture.

Example: instead of “build a payments API,” the spec defines endpoints, failure modes, and data contracts. AI generates the code. Humans review whether the design is correct, not whether each line compiles.

Why You’re Stuck: Amdahl’s Law in Practice

Stanford researchers studied 120,000 developers across 600+ companies. Median productivity gain: 10%.

This isn’t a failure. It’s math.

The traditional enterprise workflow has six steps: requirements gathering, design, write code, code review, testing, deployment. AI tools accelerate step three: writing code.

But coding is roughly 20% of the cycle. Code review, testing, and coordination make up the rest. Even if coding becomes infinitely fast, you’re still bottlenecked by everything downstream. That’s Amdahl’s Law: optimizing one step can’t transform the system.

GitHub’s data with Accenture confirms it. Developers complete tasks 55% faster. Sprint velocity: unchanged.

A 2025 METR randomized trial sharpens the picture further. Sixteen experienced open-source developers working on large, complex repos were assigned to use AI tools or work without them. The group using AI took 19% longer to complete tasks, while estimating they were 20% faster. Wrong in both direction and magnitude.

The workflow was designed for human-speed coding. AI sped up one step, but left the system intact.

The Spec-Driven Shift: What 10x Teams Do Differently

Some teams using the exact same tools achieve radically different outcomes.

Some individuals report extreme output (hundreds of commits per day), but only when quality control shifts entirely to specs and automated validation. Teams making this shift see feature cycle times drop from weeks to days: one WASM integration that would have taken one to two weeks was completed in seven hours.

Humans shift from implementers to architects. Review moves from line-by-line code to system design. Automated testing replaces manual code inspection.

At enterprise scale, this is already happening. Stripe generates 1,300+ AI-generated pull requests per week using “blueprints” that specify intent before agents execute, all reviewed for architecture, all validated by automated gates, operating under financial compliance requirements. Amazon Kiro launched the same model and reached 250,000+ developers in three months.

This isn’t fringe experimentation. It’s the pattern behind most sustained velocity gains.

The Two Workflows, Side by Side

Traditional (where most enterprises are):

  1. Requirements gathering
  2. Design
  3. Write code ← AI applied here
  4. Code review
  5. Test
  6. Deploy

Human role: implementer. Bottleneck: coding speed, then review and testing. AI impact: ~10% system gain.

Spec-driven (where 10x teams are):

  1. Conversation with AI (explore design space)
  2. Specification (architectural decisions)
  3. AI generates code (implementation from spec)
  4. Architecture review (human validates design, not code)
  5. Automated validation (tests + security gates)

Human role: architect. Bottleneck: AI inference time. AI impact: transforms steps 1–3, shifts humans to higher-leverage work.

This increases upfront design time. It reduces rework downstream by more.

Barry Boehm’s research quantifies the leverage: requirements and design errors cost 10–100x more to fix after deployment than during design. One hour reviewing a spec catches architectural mistakes that would cost 100 hours to fix in production. The ROI shifts dramatically when review moves upstream.

For enterprises, spec review is also governance-compatible in ways that vibe coding isn’t. Specs are versioned, auditable artifacts. Architecture review creates compliance-ready documentation. Automated security gates enforce enterprise requirements rather than replacing them.

The Security Trap (Why Naive Replication Fails)

Here’s where most teams get it wrong.

Many enterprise teams see this pattern and conclude: remove code review, ship faster. That’s how you get security disasters.

Veracode’s 2026 State of Software Security report analyzed 1.6 million applications. 82% of organizations carry security debt (up 11% year-over-year). Critical security debt surged 36% in a single year. The cause: AI-generated code reaching production faster than security teams can remediate.

If you pilot spec-driven development without strong automated security gates, you’re not replicating what makes it work. You’re just shipping faster with less oversight.

How to Start

The 8–12% gains you’re seeing are predictable with a code-first workflow. They’re not a ceiling. They’re a consequence of where you applied AI.

Start here Monday: Pick one team. Run a two-week pilot:

  • Require written specs before any coding begins
  • Generate implementation with AI from the spec
  • Review architecture, not line-by-line code
  • Enforce CI tests and security scans before merge
  • Measure cycle time (idea to production), not coding speed

If nothing changes in two weeks, you’ve learned something cheap. If it works, you’ve found your leverage point.

The real barriers are organizational, not technical: legacy codebases, embedded code review culture, developers who identify as implementers rather than architects. The transformation requires executive sponsorship, investment in automated quality gates, and new metrics focused on business outcomes.

The risk isn’t that this won’t work. It’s that someone else figures it out first, on a smaller team, with fewer constraints. Start with one team, measure what actually matters, and decide from evidence.

You May Also Enjoy

Why Code Review Breaks at AI Velocity

10 minute read

Nearly half of all code is now AI-generated. But your code review process wasn’t designed for this. Learn why code review failure reveals a structural proble...

The Intent Gap in Software Requirements

9 minute read

Why software estimation fails despite better tools: Requirements capture the ‘what’ while losing the ‘why,’ creating a Knowledge Transfer Tax that compounds ...