Software engineering has just spent three years running an experiment legal is about to repeat: collapse the cost of producing work and see what happens to the cost of checking it.

The results are in, and I find them worth reading closely, because my field got its first answer wrong before it found a better one.

Hi there. I’m Martin, CTO at Flank.

The bill moved

Writing code felt like the constraint for most of my career. It was the part that filled the estimates, the part we hired for, the part that made projects late. Then, in the space of about two years, language models made producing code close to free. Engineers with AI assistants now complete nearly twice as many changes as those without, according to telemetry Faros AI collected across more than ten thousand developers. On paper, that is the productivity revolution everyone was promised.

The same dataset shows what the revolution actually did. Each change grew 154% larger. The time for a colleague to review one rose 91%, and it has kept climbing since. Google’s DORA research programme, the closest thing engineering has to a longitudinal study of itself, found in 2025 that teams adopting AI ship more and break more at the same time, with the hours saved on writing quietly reallocated to auditing what was written.

None of this surprised the older engineers. There is a strand of thinking, running back through fifty years of software literature, which holds that writing code was never the real constraint at all. Understanding, verifying and integrating it was. The generation step was simply expensive enough to hide that. Make generation free and the truth surfaces: the entire cost of software is the checking. The bill did not shrink. It moved.

🏗️ What we did about it

The first response was the honest, doomed one: review everything, harder. Senior engineers became full-time readers of machine output, and the bottleneck reformed one desk downstream, exactly where the throughput gains were supposed to land. What broke that pattern was a pair of moves that I think of as one idea.

The first move was letting AI into review itself. Every major model provider now ships a specialised tool or skill for reviewing code; GitHub’s review agent alone performed sixty million reviews within a year of launch. The point of these systems is only partly catching bugs. Their more interesting job is directing attention: annotating which change touches authentication, which migration brushes against the payments table, which innocuous-looking diff has a large blast radius. A reviewer whose eyes are steered to the dangerous ten lines is a different economic object from one reading four thousand lines at a flat rate.

The bill did not shrink. It moved.

The second move was making triage explicit. On a well-run team today, the most routine changes, the kind that pass every automated test and follow a well-worn pattern, ship with no human involved at all. Anything touching payments, passwords or customer data: a human review is mandatory, sometimes two. Between those poles every team calibrates its own line, and the line moves as trust accumulates. The same Faros telemetry shows nearly a third more changes now shipping with no human review at all, while review time on the remainder goes up. That reads to me as deliberate spending rather than carelessness. Attention is being taken away from changes that never needed it and concentrated on changes that always did.

That is the idea underneath both moves: review is a budget. Reviewer attention is finite, expensive and, unlike generation, does not scale with volume. So each change gets priced, in attention, proportional to what happens if it is wrong: what breaks, for how many people, how reversibly. Cheap changes cost near zero. Dangerous ones cost more than they did before, on purpose. No standards body wrote this down. Thousands of teams converged on it independently, because every alternative either shipped incidents or recreated the queue.

⚖️ Legal is early in the same experiment

Legal has reached the point in the curve where producing the work is fast and everything else is not. Models draft contracts and produce first-pass reviews in minutes. And then the verification begins. Thomson Reuters found that 41% of professionals will not use AI output without human review unless it is 100% accurate, a standard no human associate has ever been held to, and 91% admit to holding machines to a higher bar than people. The caution is earned. Stanford researchers benchmarked the leading AI legal research tools and found them wrong on between one in six and one in three queries, against marketing that said hallucination-free.

So lawyers check everything, and they are right to. But checking everything at the document level is the flat-rate response, the one my industry tried first. My colleague Taariq described the end state months ago: a lawyer who runs every NDA through a tool, then redoes the work by hand, every day, for six months. Adoption is now above half of in-house teams while the share reporting an actual reduction in cost sits in single digits, and I think the flat rate is most of the explanation.

Review is a budget. Reviewer attention is finite, expensive and, unlike generation, does not scale with volume.

Jake wrote this month that legal is an operational bottleneck, and that the right amount of human involvement is whatever lets a named person own the result, and no more. Supervision falls where the risk is. I agree with the whole argument, and I want to add the part I can speak to as an engineer: how a team actually gets there. Because “supervision falls where the risk is” is exactly where software landed, and the way it got there was by learning to price review.

🔍 Pricing legal review

Blast radius exists in legal work, and it is computable more often than the profession assumes: contract value, indemnity and liability exposure, the distance of a requested deviation from the playbook position, whether the paper is your template or the counterparty’s, and whether it resembles anything the system has processed before. Reversibility above all. A standard NDA that expires in two years is the legal equivalent of the change that ships itself. An uncapped indemnity in a seven-figure MSA is the one touching payments, and no sane budget prices them the same.

The hard part is the pricing engine, and I want to be precise about why, because it decides which products deserve trust. A language model asked to score its own confidence will cheerfully overstate it; models are poorly calibrated on their own uncertainty by default. Turning “the agent handled this” into “this is safe to pass” takes engineering around the model: confidence scoring tuned to the team’s actual risk thresholds, routing logic a lawyer configured, and recalibration as every correction feeds back. When a reviewer overrides the same call three weeks running, the price of that category was set wrong, and the system should be the thing that notices.

Get the pricing right and the lawyer’s morning changes shape. The queue stops being forty documents needing forty readings. Most of the volume has cleared against playbook positions overnight, logged and inspectable. What waits is a short list of decisions, each arriving with its reasoning attached: an indemnity outside the usual position on a contract large enough to matter, a governing-law clause the system could not map with confidence. The lawyer spends the hour on judgment, which is the thing the department actually pays them for. Gartner now expects that by 2029 around half of contract reviews will be delegated to self-service systems that escalate one in ten to a human. I read that forecast less as a prediction about AI and more as a prediction that legal will learn to price.

A standard NDA that expires in two years is the legal equivalent of the change that ships itself. An uncapped indemnity in a seven-figure MSA is the one touching payments, and no sane budget prices them the same.

The question to ask

Here is what I am confident of, and what I am not. The trajectory seems clear to me; software is simply further along the same curve, and the physics of cheap generation and expensive attention are the same in both fields. What nobody can tell you is where your team’s line belongs, because early budgets will be mispriced in both directions. Some team will auto-clear a category it should not have, and the correction will be public and painful. Some team will keep hand-checking standard NDAs for two years longer than the evidence warranted, and that failure will never make the news, because it looks like diligence. It is worth saying that engineering has no survey proving how many teams run formal tiered review either. It is converged practice, visible in tooling defaults and telemetry rather than in standards. Legal should expect its own version to arrive the same way: quietly, team by team, ahead of the official guidance.

But the question to put to any system you are evaluating has, I think, already settled. Ask how good the drafts are, certainly. Then ask the question that decides whether the work ever leaves your desk: when this thing hands my team an output, does it tell them what that output should cost to review? A system that prices everything the same, whatever its accuracy, is asking your most expensive people to spend their attention at a flat rate on work that mostly never needed them. Legal departments have spent a decade learning what that mismatch costs when the unit is a contract. The next few years decide whether they repeat it when the unit is a review.

A legal team’s attention is the scarcest thing it owns. The discipline that matters now is refusing to spend it at flat rate.

✳️

Pricing review is step one. But the deeper shift is not reviewing faster at all.