A missing link right now is automated high-quality code reviews. I would love an adversarial code review agent that has a persona oriented around all incoming code being slop, that leverages a wealth of knowledge (both manually written by the team and/or aggregated from previous/historical code reviews). And that agent should pull no punches when reviewing code.
This would augment actual engineer code reviews and help deal with volume.
Cursor Bugbot is a game changer — runs on PR and finds the most subtle of bugs in enormous PRs.
I've been asking for security audits as I go. It's not perfect but it's something. And it picks up the most obvious stuff.