AI-Generated Code Has No Resilience Patterns Unless You Asked for Them
AI code generators optimize for functional correctness, not operational resilience. Retries, timeouts, circuit breakers, and rate limit handling are almost never generated unless explicitly requested.
By Contributor · published 5/30/2026
AI-generated code is often functionally correct under ideal conditions but brittle under real-world load. As one analysis of AI-generated code risks puts it: “AI-generated designs often omit resilience mechanisms such as retries, timeouts, rate limits, circuit breakers, or bulkheads unless explicitly requested.” ([Nobl9](https://www.nobl9.com/resources/risks-of-ai-generated-code))
**What “looks correct but isn’t resilient” looks like:**
A Supabase query that works perfectly in development but doesn’t handle the case where the database is momentarily unavailable. An OpenAI API call that throws an unhandled exception when the rate limit is hit. A Stripe webhook handler that processes synchronously without a timeout safeguard.
**The specific gaps most often missing:**
- No retry with exponential backoff on transient failures
- No timeout on external API calls (a hanging request blocks the thread)
- No rate limit awareness (unhandled OpenAI `429` errors cause crashes)
- No circuit breaker (a downstream failure cascades through the whole app)
- No graceful degradation (a failed AI response crashes the UI instead of showing a fallback)
**How to prompt for resilience:**
Add explicit requirements to your prompts: “Add retry logic with exponential backoff for all Supabase queries. Handle the case where the API returns a 429 rate limit error. Add a 10-second timeout on all external HTTP calls.”
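
The three requirements in that prompt, combined in one wrapper as an added example (not code from the original post or from any vendor SDK): a per-attempt timeout, retries with exponential backoff and jitter, and `Retry-After` handling on a `429`. The names `resilientFetch` and `nextDelayMs`, the retryable status set, and the default delays are assumptions chosen for illustration.

```javascript
// Added example: timeout + retry with exponential backoff + 429 handling.
// fetchImpl, sleep and random are injectable so the logic can run offline.
const RETRYABLE = new Set([408, 429, 500, 502, 503, 504]); // assumed transient set
const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Delay before the next attempt: honor a numeric Retry-After (seconds) if the
// server sent one, otherwise exponential backoff with full jitter, capped.
function nextDelayMs(attempt, res, { baseDelayMs, maxDelayMs, random }) {
  const retryAfter = Number(res?.headers?.get?.("retry-after"));
  if (Number.isFinite(retryAfter) && retryAfter > 0) {
    return Math.min(retryAfter * 1000, maxDelayMs);
  }
  const ceiling = Math.min(baseDelayMs * 2 ** attempt, maxDelayMs);
  return Math.floor(random() * ceiling);
}

async function resilientFetch(url, init = {}, opts = {}) {
  const cfg = {
    retries: 3, timeoutMs: 10_000, baseDelayMs: 250, maxDelayMs: 8_000,
    fetchImpl: globalThis.fetch, sleep: defaultSleep, random: Math.random, ...opts,
  };
  let lastError;
  for (let attempt = 0; attempt <= cfg.retries; attempt++) {
    const controller = new AbortController();
    // The timer bounds the wait for response headers on this attempt.
    const timer = setTimeout(() => controller.abort(), cfg.timeoutMs);
    let res;
    try {
      res = await cfg.fetchImpl(url, { ...init, signal: controller.signal });
      if (!RETRYABLE.has(res.status)) return res; // success or non-transient error
      lastError = new Error(`HTTP ${res.status} from ${url}`);
    } catch (err) {
      lastError = err; // network failure or timeout abort
    } finally {
      clearTimeout(timer);
    }
    if (attempt < cfg.retries) await cfg.sleep(nextDelayMs(attempt, res, cfg));
  }
  throw lastError; // retries exhausted: the caller decides on a fallback
}
```

Retry only calls that are safe to repeat; a request that creates or charges something needs an idempotency key or equivalent before it goes through a wrapper like this.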
## Why it matters
An app that works in demo but fails under real traffic is not ready for real users. The gap between “it works” and “it works reliably” is resilience patterns — and AI doesn’t add them by default.
## Suggested next action
Review your app’s external API calls (Supabase, OpenAI, Stripe). For each one, ask: what happens if this call takes 30 seconds? What happens if it returns a 500 error?