Back to Videos

In the Land of AI Agents, the Verifiers Are King

Channel AI Engineer
Speaker Tariq Shaukat — CEO, Sonar
Session Day 2 · Morning Keynotes
Date July 2, 2026
Segment Starts at 00:36:06 in the full 8h51m stream
Verification Sonar Code Quality Agentic Coding Keynote
TL;DR

Sonar CEO Tariq Shaukat argues that in a world of increasingly capable coding agents, the verifiers are king: models generate plausible-but-not-necessarily-correct code, so verification has to be baked into the software development lifecycle rather than treated as an afterthought. He introduces Sonar's agent-centric development cycle (AC/DC) — guide, verify, solve — built on zero-trust, multi-layered verification that combines algorithmic and agentic checks.

Key Takeaways

Summary

AGI hype meets the enterprise reality of AI slop

Shaukat opens by noting that Sonar works almost exclusively with enterprises, where the dominant conversation is not "AGI is here" but the question-mark version: is it? He points to headlines — KPMG and EY reports retracted over hallucinations, law firms in trouble over made-up citations and case law — as evidence that getting value out of AI is genuinely hard.

The core problem, he argues, is that models are incredible at generating very plausible output that sounds correct. Whether in professional services, legal, marketing, or finance, the unanswered question is how you actually know if the output is true, good, or just slop.

Isn't software development different? The data says: not enough

Using METR data, Shaukat shows coding agents improving on an exponential curve, with the latest models completing tasks that would take humans 16–18 hours. The critical caveat is that this is measured at a 50% success rate; raising the bar to 80% accuracy shrinks the achievable task horizon to roughly 3.5 hours — and even 80% wouldn't survive a performance review, as one customer CTO told him.

Sonar's own benchmarking across over 4,000 problems finds that models handle functional correctness extremely well, but still produce code that is complex, buggy, and insecure. This is the output flowing into agentic workflows — not a claim that AI is fake, but a question of how to get production-grade value from it.

Velocity without verification builds technical debt

A Carnegie Mellon study, Shaukat says, mirrors what he sees firsthand: an initial 3–5x boost in velocity that dissipates within about three months back to pre-agent baselines. The reason is the red lines on the chart — rising security, maintainability, reliability, and complexity issues. Teams generate technical debt as fast as, or faster than, they generate code, creating a new bottleneck.

His framing: while code may be provable, software at scale is not — large codebases are messy, dependency-laden, and already full of debt. So verification can be treated as an afterthought (old-school code review) or baked into the process, and baking it in yields materially better outcomes.

AC/DC: the agent-centric development cycle

Sonar's framework, playfully abbreviated AC/DC, puts verification-powered agentic loops at the center and surrounds code generation with three disciplines: guide, verify, and solve. Guide splits into context (architectural awareness, semantic navigation of the codebase) and constraints (guidelines, allowed/disallowed dependencies, coding standards, intended architecture) — Shaukat cites a newly launched product, Sonar Vortex, and reports over a 30% reduction in tokens by making the agent's job easier.

Verification itself is zero-trust and multi-layered: because every model has biases and a character, you use different models and techniques, fusing algorithmic verification (data flows, control flows, known patterns, secrets) with agentic verification (intent, business logic, unknown unknowns). Solve adds active, verified code maintenance — remediation agents and discipline that keep the codebase clean, which agents benefit from just as human developers do.

Three loops that compound — the proof in production

Shaukat argues verification must live inside a system of three deliberately designed loops: the agentic (inner) loop with in-loop verification, the CI verification loop for pull-request review and quality gates, and the code maintenance loop. Designed well, these form a self-reinforcing, compounding system — but neglecting quality sends teams into a downward spiral, exactly the dissipation the Carnegie Mellon study documents.

The results he cites: partners using multi-layered verification report 44% fewer AI-derived production outages, and a large bank using cutting-edge agentic tools achieved a 92% reduction in issues by applying guide-verify-solve inside its agentic loops — a benefit that compounds over minutes and hours rather than being a one-shot gain.

Notable Quotes

The models are incredible at generating very plausible output. They're incredible at generating things that sound correct, but are they correct?

You can treat verification as an afterthought or you can bake verification into the process.

We call it the agent centric development cycle. For shorthand we call it AC/DC sometimes.

They are reporting AI derived production outages being 44% less frequent than the ones who do not.

Chapters

TimeTopic
00:00Intro: Sonar, verification, and "Is AGI here?"
01:03AI slop everywhere — KPMG, EY, and legal hallucinations
02:40METR data: longer tasks, but only 50% success rate
04:14Sonar's 4,000-problem benchmark: correct vs. complex, buggy, insecure
05:49Carnegie Mellon study: velocity boost dissipates into tech debt
08:23AC/DC — the agent-centric development cycle: guide, verify, solve
11:00Zero-trust, multi-layered verification and 44% fewer outages
14:07Three compounding loops and a 92% reduction at a large bank

References