Code reviewers are burning 12–15 hours a week on low‐signal, AI‐generated PRs—so what should you do? Over the last two weeks (with practitioner threads on Reddit: 2025‐11‐21, 2025‐11‐22, 2025‐12‐05) senior engineers in finance, infra, and public‐sector data say the problem isn’t models but broken workflows: tool sprawl, “vibe‐coded” over‐abstracted changes, slower iteration, and higher maintenance risk. The practical fix that’s emerging: pick one primary assistant and master it (a month trial delivered edits that fell from 2–3 minutes to under 10 seconds), treat others as specialists, and map your repo into green/yellow/red AI zones enforced by CI and access controls. Measure outcomes (lead time, change‐failure rate, review time), lock down AI use via operating policies, and ban unsupervised AI in high‐risk flows—these are the immediate steps to turn hype into reliable productivity.

In the past two weeks attackers rapidly exploited zero‐day flaws in foundational network infrastructure: Cisco Secure Firewall ASA/FTD vulnerabilities (CVE‐2025‐20333 and CVE‐2025‐20362) were disclosed on 2025‐11‐05 and tied to a campaign active since May 2025 attributed to UAT4356/Storm‐1849, prompting CISA Emergency Directive ED 25‐03; a WSUS flaw (CVE‐2025‐59287) has been actively exploited since 2025‐10‐24—one day after Microsoft patched it—and impacted at least 50 organizations across healthcare, manufacturing, education and tech. Separately, the Congressional Budget Office disclosed a breach on 2025‐11‐06, potentially exposing communications with Senate offices; the CBO contained the incident and enhanced monitoring. These events amplify systemic risk because compromised patching or edge devices enable wide lateral control; immediate actions cited include auditing patch distribution and firmware, validating deployments, strengthening detection/isolation, and tightening regulatory enforceability.