46% of GitHub Code Is Now AI-Generated — Qodo Raised $70M to Clean Up the Mess

Nearly half the code on GitHub is now written by machines. Claude Code alone accounts for over 4% of public commits. Cursor, Copilot, Windsurf, and a dozen other AI coding tools are collectively producing billions of lines of code every month. And here’s the uncomfortable truth nobody in the “vibe coding” hype cycle wants to talk about: AI-generated code creates 1.7 times more issues than human-written code. 75% more logic and correctness errors. 194 incidents per hundred pull requests. In March 2026 alone, 35 new CVE entries were disclosed that traced directly to AI-generated code — up from six in January and fifteen in February.

The industry spent billions making AI write code. Now someone has to make sure that code actually works.

On March 30, 2026, Qodo announced a $70 million Series B round led by Qumra Capital, bringing total capital raised to $120 million. The round included Maor Ventures, Phoenix Capital Partners, S Ventures, Square Peg, Susa Ventures, TLV Partners, Vine Ventures, and — notably — Peter Welender from OpenAI and Clara Shih from Meta as angel investors. When people from the companies building the AI coding tools are personally backing the company that checks AI-generated code, that tells you something about where even the insiders think the risk is.

Multi-Agent Code Review Is Not a Marketing Buzzword Here

Most AI code review tools work like this: one model reads your pull request, generates some comments, and hopes for the best. It’s a single pass through a single context window, trying to simultaneously spot security vulnerabilities, logic errors, style inconsistencies, and architectural problems. That’s asking one brain to be a security expert, a performance engineer, a style guide enforcer, and a senior architect all at once.

Qodo 2.0, released in February 2026, takes a fundamentally different approach. Instead of one generalist agent, it breaks code review into focused tasks handled by specialized agents. One agent looks at security. Another evaluates test coverage. Another checks architectural patterns. Each operates with its own dedicated context, pulling from the full codebase, dependency graph, and — this is the part that matters — the pull request history.

That last piece is underrated. Qodo’s context engine doesn’t just look at the code as it is now. It looks at how the team has been reviewing code over time, what patterns they’ve enforced, what suggestions they’ve accepted or rejected. The system learns your team’s standards, not just generic best practices from a training set.

There’s also a recommendation agent that references past PRs, previous review feedback, and recurring patterns. If your team rejected a certain approach three times in the last month, Qodo knows that. If a senior engineer always flags a particular anti-pattern, the system learns to flag it too. This is the difference between an AI that has read a lot of code and one that actually understands how your team works.

Then there’s the judge agent. After the specialized agents do their work, the judge evaluates all findings, resolves conflicts between agents, removes duplicates, and filters out low-confidence noise. Only issues that clear a high relevance threshold make it into the final review. This is how you avoid the single biggest complaint about AI code review: too many false positives drowning out the real problems.

The benchmark results back this up. On Martian’s Code Review Bench, Qodo scored 64.3% — more than 10 points ahead of the next competitor and 25 points ahead of Claude Code Review. On their own benchmark, Qodo 2.0 achieved the highest F1 score at 60.1%, outperforming the next solution by 9%, with 56.7% recall — meaning it catches more real issues than anything else tested. Benchmarks have limitations, sure, but a 10-point gap isn’t noise. That’s a structural advantage from the multi-agent architecture doing what a single-pass approach can’t.

From Test Generation Startup to $120M Enterprise Platform

Qodo wasn’t always Qodo. The company started as CodiumAI in 2022, founded by Itamar Friedman and Dedy Kredo in Tel Aviv. Friedman’s background is worth noting — he previously directed AI labs at both NVIDIA and Alibaba in Israel. Kredo came from VMware. The original thesis was narrower: automated test generation. The idea that AI could write the tests that validate the code it produces.

The pivot to code review and governance happened as the market shifted underneath them. By 2023, AI coding tools went from novelty to mainstream. By 2024, enterprises were deploying them at scale. And by 2025, the quality problem became impossible to ignore. Stripe’s Minions were shipping 1,300 PRs per week with zero human-written code. Other enterprises were seeing similar volumes. The bottleneck shifted from “how do we write code faster” to “how do we trust what the AI wrote.”

CodiumAI rebranded to Qodo in September 2024 alongside a $40 million Series A led by Susa Ventures and Square Peg. The name combines “Quality” and “Code” — not subtle, but accurate. By then, the company had reached 500,000 developers and was building out enterprise contracts.

The customer list now reads like a Fortune 500 roster: Walmart, NVIDIA, Red Hat, Box, Intuit, Ford Motors, Monday.com. The company employs 100 people across Israel, the US, and Europe. The $70 million Series B is earmarked for scaling enterprise operations globally and expanding the engineering team, with immediate hiring focused on the Tel Aviv office.

The funding trajectory alone tells a story about market timing. $11 million seed in March 2023 — early bet on code quality. $40 million Series A in September 2024 — the “oh, AI code is everywhere now” round. $70 million Series B in March 2026 — the “this is no longer optional for enterprises” round. Each raise maps to a phase of the AI coding adoption curve.

The Code Verification Market Is Getting Crowded — But Not Equally

Qodo is not the only company that sees the opportunity. The code review space has gotten competitive fast, and the differentiation between tools matters more than it looks at first glance.

GitHub Copilot Code Review is the obvious incumbent play. It’s bundled with existing Copilot seats, takes seconds to enable, and lives natively inside the world’s largest code hosting platform. The advantage is distribution. The disadvantage is depth — it’s a single-pass review from a generalist model, and as the Copilot ads-in-PRs incident showed, developers are increasingly questioning how much they can trust Microsoft’s tool to act purely in their interest.

CodeRabbit positions itself as the lightweight, hosted solution — GitHub, GitLab, and Bitbucket support with quick onboarding. Good for smaller teams with simpler codebases. But it lacks the multi-agent depth and enterprise governance features that larger organizations need.

Cubic, from the Y Combinator ecosystem, targets complicated codebases specifically — logic regressions, duplication, style drift, security gaps. It’s the closest in philosophy to Qodo’s approach, but without the same scale of enterprise deployment or the multi-agent architecture.

Then there’s Entire, Thomas Dohmke’s post-GitHub venture that raised $60 million at a $300 million valuation to build what he calls the “reasoning trail” layer for AI-generated code. Entire’s approach is different — it captures the prompts, constraints, and iterative thinking behind AI code changes, making the review process more transparent rather than automating the review itself. It’s complementary to Qodo more than competitive, but they’re both drawing from the same pool of enterprise budget for “making AI code trustworthy.”

The meaningful distinction is this: most competitors treat code review as a feature within a broader AI coding tool. Qodo treats it as the entire product. That single-mindedness shows up in the benchmark results, in the depth of the multi-agent architecture, and in the enterprise governance features — compliance rule enforcement, ticket traceability, on-premises deployment, air-gapped environments. These aren’t nice-to-haves for a Walmart or a Ford. When your code runs payment processing for millions of customers or manages supply chains across continents, “the AI said it looks fine” doesn’t cut it. You need audit trails, you need policy enforcement, and you need the system to run inside your own infrastructure if regulations demand it.

The Verification Layer Thesis

Here’s the bigger picture behind the $70 million. The AI coding market has a structural problem. The tools that generate code are getting better every month. But the faster they generate, the wider the quality gap becomes. CodeRabbit’s own research found that AI PRs have 75% more logic errors. SWE-CI benchmarks keep exposing what AI coding agents still can’t do reliably. The CVE count from AI code is accelerating, not stabilizing.

This creates a market that’s almost guaranteed to grow in lockstep with AI code generation. Every dollar spent on Copilot, Cursor, and Claude Code creates downstream demand for verification. Qodo’s CEO Itamar Friedman calls it “the verification layer” — and framing it that way is smart because it positions Qodo not as competing with AI coding tools, but as the necessary complement to all of them.

The $120 million in total funding, the enterprise customer list, the No. 1 benchmark ranking, and an OpenAI investor backing a company that checks OpenAI-powered code — these data points converge on a single thesis: the next bottleneck in software development isn’t writing code. It’s trusting code. And right now, Qodo is the most well-funded, most battle-tested bet that verification will become as essential to the development stack as the code generation tools themselves.

Top AI Product

Leave a comment Cancel reply