Written by: Mark Hull, Co-Founder and CEO, Exceeds AI
Key Takeaways
- AI code detectors remain probabilistic classifiers and cannot deliver deterministic authorship needed for engineering governance and compliance.
- Heuristic and watermark-based detectors reach only 20–25% real-world accuracy on edited or hybrid human-AI code and fail in multi-tool environments.
- Client-level provenance captures authorship at the source on the engineer’s machine and produces portable, line-level attestations that survive edits and travel with the repository.
- Exceeds Ink delivers deterministic, tool-aware, mode-aware attribution across Claude Code, Cursor, Codex, Copilot, and Windsurf without long-lived daemons or vendor lock-in.
- Engineering leaders who need reliable AI code governance can start a free pilot with Exceeds AI and replace guesswork with auditable proof.
The Problem: AI Code Governance Without Trustworthy Authorship
AI coding tools now sit inside daily engineering workflows. Eighty-four percent of developers are using or planning to use AI tools, and 51% of professional developers use them daily. That adoption rate creates an immediate governance problem. When most new code may involve AI, leaders need authoritative attribution to report ROI to boards, make defensible hiring decisions, and manage technical debt.
Unreliable attribution has measurable consequences. Analysis of 470 GitHub PRs found AI-generated code creates 10.83 issues per pull request versus 6.45 for human-written code, a 1.7x higher bug density, with logic and correctness errors occurring 75% more often. Many of those defects surface long after review. Short-term metrics miss defects that appear 30, 60, or 90 days later. Governance therefore requires longitudinal tracking, not snapshot views.
Most teams first reach for heuristic and watermark-based AI code detectors. By Exceeds AI’s assessment, these tools top out around 20–25% accuracy under real-world conditions, and accuracy degrades further on edited, refactored, or hybrid human-AI code. AI detector accuracy drops significantly for edited, paraphrased, or hybrid AI content, which increases both false negatives and uncertainty. A tool that cannot reliably classify refactored code cannot support a board presentation or a compliance audit.
Why Heuristics and Watermarks Break Under Real Engineering Use
Pattern-based detectors analyze statistical signals such as token entropy, variable naming conventions, and comment density, then assign a probability score. These signals do not remain stable over time. As LLMs produce more human-like output with greater variability, detection becomes less reliable as AI models produce more human-like writing, causing AI detectors to lag behind advancements and reducing overall reliability. Watermark-based approaches depend on the AI tool embedding a detectable marker in its output. That signal disappears as soon as an engineer edits a single line.
The empirical record on source code is stark. An empirical study presented at ICSE-SEET ’24 collected a dataset of 5,069 samples to examine AI-generated code detectors. Results showed inconsistent performance across languages, models, and editing patterns, reinforcing that output-level signals do not support governance-grade attribution.
The multi-tool reality of 2026 compounds the problem. Engineers switch between Cursor for feature work, Claude Code for large-scale refactoring, Codex for batch transforms, GitHub Copilot for autocomplete, and Windsurf for specialized workflows, often within a single sprint. A heuristic detector trained on one tool’s output patterns has no reliable signal for another tool’s stylistic fingerprint. Tool blindness when teams use multiple AI coding tools is a documented measurement pitfall that prevents leaders from proving ROI or managing technical debt. No probabilistic classifier resolves this limitation because the required signal does not exist at the output layer.
Client-Level Provenance: Deterministic Proof Instead of Probability Scores
Client-level provenance solves the gaps that heuristic detectors cannot. The provenance layer observes what actually happens on the engineer’s machine at the moment work occurs. It records which tool was invoked, which lines it produced, how many tokens it consumed, and which interaction mode the engineer used. The system then writes that observation as a structured, machine-readable attestation alongside the commit, creating a portable audit record that travels with the repository.
A governance-grade provenance layer needs four capabilities that work together. It must provide deterministic attribution instead of probability scores. It must store portable attestation inside the repository so evidence survives outside any vendor’s platform. It must cover multiple tools across the full AI toolchain so leaders avoid blind spots. It must track outcomes over 30, 60, and 90 days so attributed lines connect to production behavior. These four capabilities form a complete audit trail: deterministic attribution supplies ground truth, portable attestation keeps that truth attached to the code, multi-tool coverage reflects real workflows, and longitudinal tracking links authorship to real-world impact. No heuristic or watermark-based detector satisfies these requirements because they infer authorship from output rather than capture it at the source. Client-level capture satisfies all of them by observing activity directly on the engineer’s machine.
Accuracy Expectations: Probabilistic Detectors Versus Exceeds Ink
The accuracy gap between probabilistic detectors and client-level provenance is categorical, not incremental. Heuristic detectors operating on clean, unmodified AI text may reach accuracy claims above 90% in vendor-controlled validation studies, but those claims do not generalize well to real-world edited or hybrid content. Under production conditions, where engineers edit, refactor, and combine AI-generated and human-written code in the same file, the 20–25% accuracy ceiling mentioned earlier becomes the actual operating range. False-positive risk remains significant. AI detectors can produce false positives where human-written content is mistakenly flagged as AI-generated, which directly affects hiring decisions and performance reviews.
Edit and refactor resilience exposes the limits of probabilistic tools most clearly. A function that began as Claude Code output and was later restructured by a human engineer no longer carries a reliable statistical fingerprint. The detector sees ambiguous patterns and either misclassifies the function or returns a low-confidence score that leaders cannot act on. Multi-tool support also remains absent. A detector calibrated on GitHub Copilot output has no principled basis for attributing a Cursor agent-mode session or a Codex headless batch task.
Exceeds Ink operates differently at every dimension. Attribution is deterministic because Ink captures authorship at the source on the engineer’s machine at commit finalization. Per-tool checkpoint materializers for Claude Code, Cursor, and Codex resolve edit evidence against the actual working tree at commit time. Human-typed lines within a multi-edit Cursor session remain correctly attributed to humans, and Claude Code rewrites are attributed to Claude. Lines that cannot be confidently attributed are recorded as unknown_lines rather than silently assigned to either category. The result is a Git Note at refs/notes/exceeds-ink that is line-level, tool-aware, mode-aware, and auditable by anyone with repository access.
How Exceeds Ink Captures Line-Level, Commit-Level Proof
Exceeds Ink runs as a single lightweight Rust binary that captures AI authorship locally first. Every event lands in a SQLite database on the developer’s machine before any optional remote delivery. Capture runs from standard Git hooks (prepare-commit-msg, post-commit, post-rewrite) on a per-repo opt-in basis, with no global git config mutation and no long-lived daemon on the developer’s machine. Ink never sits in the request path between engineers and their AI vendors and makes no calls to Anthropic, OpenAI, Microsoft, or any AI provider.
The attestation written to refs/notes/exceeds-ink carries, for every line, the tool, model, session, turn, interaction mode, and timestamp. This level of detail matters because different interaction modes produce different quality profiles. Code generated in agent mode deserves different review scrutiny than autocomplete suggestions. Interaction-mode classification into plan, ask, agent, edit, or headless provides a signal no competing product publishes and forms the basis for actionable coaching. Token cost per agent and model is captured directly, with Cursor billing read from Cursor’s own state database for exact accuracy, so financial spend and engineering outcomes appear in the same view.
Span-of-control pressure makes this automation essential. Engineering managers now support team ratios near 1:8 instead of the prior 1:5 industry norm, reducing feasibility of deep manual code inspection across all changes. Ink’s attestation does not require manual inspection. It is machine-readable JSON that feeds directly into the Exceeds AI platform, policy engines, and IDP scorecards. Security review is addressed by design. The capture code is fully auditable. HMAC-SHA256-signed remote ingest uses revocable per-machine tokens. LLM-based prompt redaction runs before any prompt content is persisted. An aggregate-only mode keeps transcripts off the wire entirely through a single environment variable. Deployment remains the organization’s choice: local only, self-hosted collector, or Exceeds-hosted, with the same binary, the same Git Notes, and the same dashboards in every option.
Practical Adoption: Security Review, Time to Value, and Team Buy-In
IT security review creates the primary adoption friction for any code-level provenance tool. Exceeds Ink is built to pass that review. Code exists on Exceeds servers for seconds before permanent deletion. No permanent source code storage occurs, and only commit metadata and snippet information persist. Data is encrypted at rest and in transit. SSO and SAML are supported. Data residency options cover US-only and EU-only hosting for enterprise requirements. An in-SCM deployment option supports organizations that require analysis within their own infrastructure with no external data transfer. Exceeds has passed enterprise security reviews, including a Fortune 500 retailer with a formal two-month evaluation process.
Time to value remains short. GitHub or GitLab OAuth authorization takes about five minutes. First insights arrive within 60 minutes of onboarding. Complete historical analysis typically finishes within four hours. Real-time updates follow within five minutes of new commits. Organizations move from AI pilot to full production implementation in approximately 90 days. Exceeds Ink’s hours-to-value timeline fits that window without requiring a parallel enterprise sales cycle.
Organizational change management relies on a two-sided value model. Engineers receive the ink-prompting-coach skill, a SKILL.md and slash command that installs directly into their own Claude Code or Cursor agent. Coaching then appears where the work happens instead of in a distant dashboard. Developers frequently describe postponed testing, incomplete adaptation of AI-generated code, and limited understanding of AI-generated logic. Coaching delivered inside the agent addresses these patterns at the point of generation and helps teams improve quality without extra meetings or manual reviews.
Frequently Asked Questions
Do AI code detectors produce false positives on human-written code?
AI code detectors do produce false positives on human-written code, and the rate is not trivial. Probabilistic detectors analyze statistical patterns in output such as entropy, token distribution, and naming conventions, then assign a likelihood score. Human engineers who write terse, formulaic, or highly structured code can produce output that resembles LLM-generated text and trigger a false positive. Non-native English speakers and developers early in their careers face elevated false-positive risk because their writing patterns diverge from the training distribution detectors use as a baseline for “human.” In governance contexts such as hiring decisions, performance reviews, and compliance audits, a false positive carries real consequences. Exceeds Ink removes this failure mode by capturing authorship at the source instead of inferring it from output. Lines that cannot be confidently attributed are recorded as unknown_lines, not silently assigned to either category.
How does Exceeds Ink handle teams that use five or six different AI tools simultaneously?
Multi-tool environments represent the primary use case Exceeds Ink targets. Ink ships five first-class adapters with deep per-tool fidelity for Claude Code, Cursor, Codex (OpenAI), GitHub Copilot, and Windsurf, plus lighter-weight detection across roughly 50 additional AI tools. Per-tool checkpoint materializers resolve edit evidence against the actual working tree at commit finalization. A session that involved both Cursor edits and human typing therefore retains the human-typed lines as human. The attestation records the specific tool, model, session, and interaction mode for every attributed line. Leaders gain aggregate visibility across the full toolchain and tool-by-tool outcome comparison in a single view.
Will IT approve a tool that requires repo access and an on-machine install?
Exceeds Ink is designed specifically to pass enterprise IT security review. The binary runs as a single lightweight Rust process that starts only when a Git hook fires and exits immediately. No long-lived daemon runs, no PATH-shimmed git binary appears, and no global git config mutation occurs. As noted earlier, code is deleted within seconds rather than stored permanently. Remote ingest is HMAC-SHA256-signed with revocable per-machine tokens. LLM-based prompt redaction runs before any prompt content is persisted. An aggregate-only mode keeps transcripts off the wire entirely. SSO, SAML, audit logs, data residency options, and an in-SCM deployment path for highest-security requirements are all available. Exceeds has successfully completed a formal two-month security evaluation at a Fortune 500 retailer.
What does Exceeds AI cost, and how is it different from per-seat pricing?
Exceeds uses outcome-aligned pricing with no per-contributor data tax. The Pro plan costs $49 per manager per month (Early Partner Pricing) and covers unlimited contributors and repositories. You pay for manager seats and the insights you use, not for every engineer analyzed. A free seven-day pilot covers one seat, up to ten contributors, and five repositories. Exceeds Ink is available as an add-on to the Pro and Enterprise plans or as a standalone product that pipes provenance data directly into your own data warehouse and BI tools. Enterprise pricing is custom and includes the full integration set, including GitHub, GitLab, Azure DevOps, JIRA, and Linear, plus AI Insight Credits with bring-your-own-key support.
Can Exceeds AI replace our existing developer analytics platform?
Exceeds AI does not replace traditional developer analytics platforms. It acts as the AI intelligence layer that sits on top of them. Tools like Jellyfish, LinearB, and Swarmia track metadata such as PR cycle times, commit volumes, and review latency. They cannot distinguish AI-generated lines from human-written ones at the code level and therefore cannot prove AI ROI or manage AI technical debt. Exceeds integrates with your existing stack, including GitHub, GitLab, Azure DevOps, JIRA, Linear, and Slack, and provides the code-level, commit-level attribution those tools cannot deliver. Most customers run Exceeds alongside their existing platform rather than replacing it.
Conclusion: Setting a Higher Standard for AI Code Governance
The visibility gap created by unreliable AI code detectors represents a structural governance failure, not a minor inconvenience. Eighty-one percent of organizations say they do not have complete visibility of how AI is used across development, and 65% say that AI coding assistants increase risk. Probabilistic detectors operating at 20–25% real-world accuracy on edited code cannot close that gap. They output probability scores where governance requires evidence and lose signal in the multi-tool environments where engineering teams actually work.
Client-level provenance sets the standard that governance requires. Deterministic attribution, portable attestation in the repository, multi-tool coverage, and longitudinal outcome tracking form the four capabilities that separate a governance-grade solution from a screening aid. Effective AI code governance requires visibility and inventory of AI-generated code usage, policies applied consistently, risk assessment with preventive controls, and ongoing monitoring and auditability for portfolio-level trends and evidence. Probabilistic detectors cannot meet those expectations.
Engineering leaders evaluating solutions in 2026 can apply a direct test. A qualifying tool must produce a machine-readable, line-level audit record that attributes every AI-touched line to a specific tool, model, session, and interaction mode, stored in the repository and readable by anyone with repo access. A probability score instead of a structured attestation signals a screening aid, not a governance solution.
Exceeds Ink is the only provenance layer that meets that standard across the full AI toolchain, without a long-lived daemon, without a PATH-shimmed git binary, and without locking attestation data inside a proprietary cloud.
Replace probability scores with auditable proof—launch your free pilot