It's invisible until it isn't — and when it surfaces, it surfaces as a six-figure rewrite, a senior engineer quitting, or a security audit failure.
Traditional technical debt is code you know is bad. Comprehension debt is code that looks fine and is a black box inside your own system.
A developer tries to modify a function the AI wrote. Nobody can explain why it's structured that way. There's no author to ask, no Slack thread with the reasoning, no commit message with context. There's just working code that has become, functionally, unmaintainable.
What Comprehension Debt Looks Like
The GitClear study of 211 million lines of code across major repositories from 2020 to 2024 found:
- Copy-pasted code rose from 8.3% to 12.3%.
- Refactored code dropped from 25% to under 10%.
- Code duplication blocks increased eightfold.
- AI-assisted code saw a 39% increase in code churn — rewritten or deleted within two weeks of being written.
That last number is the tell. Code that gets rewritten within two weeks wasn't understood when it was written.
The Three Symptoms
Symptom 1: Nobody can explain the PR two weeks later.
Run this test: two weeks after a PR merges, ask a developer to explain a function from that PR without looking at the code. If they can't, you have comprehension debt.
Symptom 2: Every bug fix introduces two new bugs.
This is the "fix one, break ten" loop. It happens when the AI generated interconnected logic that nobody mapped. A change in one place cascades invisibly.
Symptom 3: New engineers take months to become productive.
Onboarding time is a direct proxy for codebase comprehension. If it takes three months for a new senior engineer to contribute confidently, the codebase has a comprehension problem.
How to Audit for Comprehension Debt
We use a four-step audit when we inherit a codebase:
- Churn analysis. Pull git history. Flag any file touched more than 4 times in 60 days without a corresponding feature. That's a debt cluster.
- Ownership mapping. Can every module be assigned to a human who understands it? Unowned modules are comprehension debt.
- Dependency tracing. Follow every external API call and database write. Can someone explain the failure mode of each? If not, it's unmapped risk.
- The two-week comprehension test. Described above. Run it systematically across recent PRs.
What Remediation Looks Like
Comprehension debt can't be fixed by the AI that created it. The model doesn't retain context between sessions and can't reconstruct its own reasoning. Remediation requires human engineers doing three things:
- Document the implicit decisions. Every architectural choice the AI made without explanation needs a written rationale — even if that rationale is "we don't know why, so we're replacing this."
- Establish ownership. Every module, service, and data flow needs a named human who is accountable for understanding it.
- Set comprehension gates. No PR merges unless the author can explain it in plain language to a reviewer who hasn't seen it before.
FAQ
Is this just normal technical debt with a new name?
No. Normal technical debt is debt you chose — you know it's hacky and plan to fix it. Comprehension debt is debt you don't know you have, because the code works. The asymmetry is what makes it dangerous.
Can't the AI just re-explain its own code?
It can generate an explanation, but it can't guarantee that explanation is accurate. The model has no memory of the decisions it made in a prior session. It will produce a plausible explanation, which may or may not match the actual intent.
How much does comprehension debt slow down a team?
The METR study found experienced developers were 19% slower when using AI tools while believing they were 20% faster — a 39-point perception gap. Much of that hidden slowdown is comprehension debt materializing as rework.
When does comprehension debt become a rewrite-level problem?
When more than 40% of your codebase has no named owner and churn is accelerating. At that point, incremental remediation costs more than a structured rewrite of the highest-risk modules.
Need a codebase audit?
If your codebase works but nobody can confidently explain it, the next problem is already forming. A focused audit can show where the real risk is.
Apply for a 30-min intro callRelated: My vibe-coded app worked in demo. It broke in production. Now what?
Related: You built it with AI. Now it's broken and you can't fix it.
Related: An AI agent deleted your production database. Here's what happens next.
Related: Your vibe-coded app just had a security breach. Here's why it was inevitable.
Related: Your AI coding bill is out of control. Here's how to fix it.
Related: You let your senior engineers go. Now nobody can review the AI output.