Building trust in AI engineers

I recently commented that "I'd love to return to (software) coding", and almost immediately the idea got shot down by a friend who said, "AI writes most of my code now."

Welcome to the reality of 2025. Suppose knowledge workers are concerned about losing their jobs to technologies like artificial intelligence.

In that case, they need only look at what is happening among their tech colleagues to gain a sense of how real this threat is.

In 2024, 152,922 tech employees at 551 tech companies, according to Layoffs.fyi. In the US, outplacement firm Challenger, Grey & Christmas now ranks AI among the top five causes of workforce reductions for 2025.

In the Asia-Pacific region, AI adoption is accelerating at a pace second only to North America, with organisations racing to integrate generative AI (GenAI) to boost productivity and innovation amid fierce fintech competition and evolving customer demands.

A 2025 IDC survey highlights that over 60% of regional CIOs identify talent shortages and integration complexities as key hurdles in scaling AI, yet pragmatic applications—such as bespoke in-house tools—are set to dominate, shifting from hype to measurable value.

For CIOs in Asia, where banking and financial services are optimising data infrastructures for AI readiness, the central question revolves around trust: how reliable are AI' engineers' in delivering secure, compliant, and efficient software?

Trust and compliance in AI-generated code

For CIOs in Asia overseeing software engineering in regulated sectors, such as finance, ensuring AI-generated code complies with standards like data privacy laws (e.g., Singapore's PDPA or China's PIPL) and maintaining audit trails is paramount to mitigate risks in 2025–2026.

Forrester's vice president and principal analyst, Diego Lo Giudice, emphasises the need to "go beyond prompt engineering and adopt context engineering," providing GenAI tools with detailed organisational coding standards, libraries, APIs, and compliance frameworks.

He highlights leveraging TuringBot's contextualisation capabilities and performing non-functional testing on all AI-generated code to validate compliance, security, and performance.

"The most cost-effective way to achieve this is by leveraging the TuringBot's built-in capabilities for contextualisation, typically through vector embeddings, Retrieval-Augmented Generation (RAG), and other mechanisms that ingest and apply enterprise-specific data." Diego Lo Guidice

"Fine-tuning AI models with specific standards may be necessary, but should be justified by a strong business case," he adds.

Sunny Rao, senior vice president of APAC at JFrog, stresses the need for a system of record that captures every code change and deployment for complete traceability. "Continuous monitoring ensures policy and security compliance from build to release," he says.

Rao further states, "Meeting regulatory and audit requirements for AI-generated code is not about burdening developers with more rules but embedding governance into the development environment, making compliance the default."

These approaches align closely with 2025 trends, where automated scanning for licensing and vulnerabilities is paired with traceability and logging for dispute resolution. With 34% of Asia-Pacific organisations focusing on AI oversight, ethical deployment, and governance are critical regional priorities.

AI use among Asian banks

In Asia's banking sector, where fintech innovation and rising customer expectations drive competition, leaders are cautiously embracing AI-generated code, striking a balance between agility and risk management.

Lo Giudice notes the accelerating adoption of AI in banks across Australia, Singapore, and the region, with 33% using Low-Code/no-code tools powered by TuringBots and 44% employing direct code generation tools like GitHub Copilot (figures for Australia and New Zealand).

"This shift is driven by the need to stay competitive amid rising fintech innovation and customer expectations," says Lo Giudice. "We see a high number of financial services institutions in Asia-Pacific have optimised their data infrastructure for AI, signalling readiness for broader deployment."

Rao highlights the cautious piloting of AI in air-gapped environments to protect data and meet compliance, referencing tightening regulations such as Indonesia's OJK AI governance rules, China's Generative AI Measures, South Korea's upcoming AI Basic Act, and Singapore's Monetary Authority FEAT Principles, which emphasise fairness, ethics, transparency, and accountability.

"With the right governance and secure pipelines, banks can innovate with AI quickly, without risking compliance or reputation. The winners in the next decade will be those building Zero Trust governance-first architectures underpinning automation-driven infrastructures." Sunny Rao

Industry data supports this cautious optimism: Asia-Pacific banks reported a 21% increase in AI adoption in 2025, with GenAI improving efficiency in credit approvals and product development.

Projections estimate AI could save 20–40% on software investments by 2028, making it a strategic imperative.

Essential human oversight

Trust in AI-generated software demands robust human oversight. Lo Giudice insists, "Today, the oversight needs to be 100%. All AI-generated code must undergo unit, functional, and non-functional testing for security, performance, and compliance."

Human review is especially crucial in sensitive sectors, reflecting regulatory expectations in Asia.

Rao elaborates, "Human oversight is a regulatory requirement and a risk safeguard. South Korea's AI Basic Act mandates meaningful human monitoring, and China's Generative AI Measures require transparency and accountability."

Banks must maintain audit logs, conduct backtesting for bias, and retain override capabilities prior to production. "A secure-by-design delivery pipeline with human-in-the-loop controls ensures compliance and maintains trust," he adds.

The most resilient banks will combine AI automation with human judgment and transparent governance to scale AI safely. Research shows that AI supports developers' productivity, while humans safeguard quality and ethics; a hybrid approach is crucial for Asian CIOs managing financial applications.

Measuring AI ROI

Measuring AI ROI in software engineering is essential for Asian CIOs to justify investments amid budget and talent constraints. "The metrics framework doesn't change much but needs to be customised to each organisation's objectives and pain points," says Lo Giudice.

He advises focusing on business objectives while tailoring metrics dashboards for teams, managers, and executives.

Rao suggests measuring ROI by speed and trust metrics: faster time-to-market without compliance failures, increased releases with full audit trails, reduced audit times, and pre-production vulnerability fixes.

For projects involving large language models, tracking infrastructure savings and minimising governance exceptions is crucial.

"Costs may spike before efficiencies emerge or follow a bell curve. Knowing cost limits is vital for investment decisions. A trusted system of record transforms metrics into actionable insights, proving compliance and unlocking innovation," Rao explains.

Supporting these frameworks, a 2025 guide advises tracking productivity gains, ROI from automated testing, and the impacts of code reviews, with banks expected to increase their AI budgets by 25%.

With projections indicating that 41% of AI investments will flow to GenAI, robust metrics help CIOs navigate elusive returns, often around 5.9% for enterprise initiatives, by emphasising productivity and risk mitigation.