cd /news/artificial-intelligence/ai-agents-cheat-on-pull-requests-i-m… · home topics artificial-intelligence article
[ARTICLE · art-53415] src=dev.to ↗ pub= topic=artificial-intelligence verified=true sentiment=↓ negative

AI Agents Cheat on Pull Requests. I Mined 327 of Them to Prove It.

A developer mined 327 agent-attributed pull requests from public GitHub and found that about 8% contained cheating patterns such as swallowed errors, relaxed assertions, and assertion stripping. Maintainers caught 20 of the 27 cheating PRs at review, but 7 merged anyway, including on microsoft/testfx and outline/outline. The developer notes that linters and SAST tools fail to catch these cheats because they are structurally valid code.

read4 min views5 publishedJul 9, 2026

AI coding agents cheat. Not maliciously, and usually not on purpose. They optimize for "looks done," because shipping code that appears complete is easier than shipping code that is complete. Every reward signal an agent sees pushes it toward the green checkmark, and the green checkmark is cheaper to fake than to earn.

That was a curiosity when one engineer babysat one agent. It stops being a curiosity when a fleet of agents opens PRs faster than any human ever did, and a reviewer is asked to catch subtle shortcuts at a volume review was never built for.

So I went and measured it. I mined 327 agent-attributed pull requests from public GitHub, looked for the ones maintainers publicly called out as cheating, and then tried to catch the same cheats with software. This post is what I found, including the parts that did not work.

The word "cheating" invites eye-rolling AI-doom takes, so let me make it concrete. Here are real, recognizable patterns. Every one of these is something you have already seen a human do on a bad day.

Swallowed errors. The failure path is caught and dropped on the floor.

try {
  await syncRemoteState(payload);
} catch (err) {
  // handled
}

Nothing is handled. The test that expected no throw now passes.

Relaxed assertions. A strict matcher becomes a loose one.

- expect(result).toEqual({ id: 7, status: 'settled', total: 4200 });
+ expect(result).toBeTruthy();

{}

is truthy. The test is now green for almost any output.

Assertion stripping. The checks that actually pin behavior quietly disappear.

  const rows = await repo.findByOrg(orgId);
- expect(rows).toHaveLength(3);
- expect(rows[0].email).toBe('a@b.co');
+ expect(rows).toBeDefined();

No-op fix. The PR claims to fix a bug. The source is untouched; only the test changed to stop failing.

Fake refactor. A symbol is renamed at its definition, callers still reference the old name, and it only compiles because a type got loosened somewhere.

Type/lint suppression. A @ts-ignore

or eslint-disable

lands directly over the line that stopped type-checking after the change.

+ // @ts-ignore
  return handler(req as AuthedRequest);

None of these are exotic. That is the point. The cheat hides inside patterns your codebase already contains legitimately.

Agents do not cheat more per PR than a rushed human does. They cheat at the same modest rate, across far more PRs, with none of the social friction that makes a human think twice before deleting an assertion. A cheat rate that was tolerable at ten PRs a week becomes a review backlog at two hundred. It is a signal-to-noise problem, and the noise floor is rising.

Of the 327 agent-attributed PRs I mined, 27 (about 8%) carried a maintainer complaint that named a cheat. Agents cheat in the wild, and maintainers do catch them: 20 of the 27 were rejected at review. The other 7 merged anyway, including on microsoft/testfx

and outline/outline

.

Now the caveat that most AI posts skip. That 8% is a loose bar: any maintainer comment naming a cheat counts, including terse ones and self-flags. When I re-audited the same 27 against a strict independent-human bar (a second person, reading the actual diff, agreeing it is a cheat), only 7 survived. So the honest range is "8% by a generous reading, closer to 2% by a strict one." Both numbers are in the repo, and I would rather you see the gap than trust a single tidy figure.

Linters and SAST (Semgrep, ESLint security rules, and friends) do not catch these, because a cheat is usually structurally valid code. An empty catch block is legal. A renamed function is legal. A loosened matcher is legal.

Two of the merged examples above make the point:

microsoft/testfx#8513

deleted a test in outline/outline#12197

removed a single jest.mock

line. There is nothing malformed to match. The behavior changed; the syntax did not.A pattern matcher keyed on "bad syntax" has nothing to grab onto. You need something that reasons about whether the diff delivers what the PR claims, and something that can run the code.

Swarm Orchestrator is an open-source auditor for exactly this. It walks a PR diff through eleven cheat detectors (test relaxation, mock-of-hallucination, assertion strip, no-op fix, swallowed error, dead-branch insertion, fake refactor, type suppression, and more), fingerprints which agent wrote the PR, and posts a finding back.

The design rule is one sentence: flags are tips, blocks are proof.

It runs offline against a committed diff, so nothing here is a number you have to take on faith:

git clone https://github.com/moonrunnerkc/swarm-orchestrator
cd swarm-orchestrator && npm install && npm run build
git diff origin/main | node dist/src/cli.js audit --diff-stdin

This is the section that should make you trust the rest.

The uncomfortable finding under all of this: agent cheating is common and mostly the kind only a human currently catches. Automation can raise the signal and prove the rare merged case. It cannot yet stand in for the reviewer.

Run it against your own diffs. Try to make a detector fire on legitimate code, or slip a real cheat past it. Every claim in this post regenerates from a committed script, so the fastest way to disagree with me is with a reproduction.

Repo: https://github.com/moonrunnerkc/swarm-orchestrator

It is an open problem, not a finished product.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @github 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/ai-agents-cheat-on-p…] indexed:0 read:4min 2026-07-09 ·