AI in Tech Diligence: The Temptation, the Truth, and the Trade-Offs

With the rise of AI impacting every aspect of business, the natural question arises of where it fits into tech diligence and the potential it has to streamline and enhance this complex process.  On the extreme end, some believe that AI can handle everything—just like I could have let AI write this blog post—as long as all key inputs are provided. The real truth is, even though AI can tackle some aspects of due diligence effectively, it cannot replace the critical human touches—oversight, experience, and nuanced judgment—that are necessary for effective diligence. This article explores where it can help, and just as importantly, where it can’t.

Technical due diligence is a critical step in any investment or M&A transaction. It involves a deep dive into a company’s technology stack, architecture, processes, security, and technology team and requires specialized technical expertise not typically found in investment firms.

Every diligence process (technical or otherwise) broadly breaks down into three categories: data collection, assessment, and report creation. And while there is a role for AI in each phase, the prevalence of that role varies greatly, including some places where it is not appropriate at all.

Where AI Can Help

AI excels at tasks that involve processing vast amounts of data, identifying patterns, and automating repetitive activities. In tech due diligence, this translates into several key areas:

1. Data Collection and Extraction

Tech diligence involves collecting a significant amount of data in the form of documents provided (architecture diagrams, process documents, security policies, etc), responses to questionnaires, and answers provided verbally during interviews.  AI can significantly help automate the extraction of key information from these unstructured sources.

• Document Analysis: AI can effectively scan these artifacts to extract key data, summarize processes, and allow the technical due diligence team to “ask questions of the data room”.
• Note Taking: AI note takers can be utilized in this context to compile responses and organize them in a way that facilitates assessment.
• Market Trends – AI can analyze market data, industry reports, and publicly available information to provide insights into technology trends, competitive landscapes, and technical considerations that the Tech Diligence team should take into account.

2. Code Analysis and Quality Assessment

AI-powered tools can rapidly scan large codebases to identify potential vulnerabilities, code smells (things that don’t look right), technical debt, and adherence to coding standards. This can further reduce the manual effort required for code reviews and provide useful insights into code quality.

• Vulnerability Detection: AI can flag common security vulnerabilities (e.g., SQL injection, cross-site scripting) that might be overlooked by human reviewers.
• Technical Debt Identification: Tools can help to identify duplicate code, overly complex functions, and areas ripe for refactoring, giving insights into the long-term maintainability of the software.
• Licensing Compliance: AI can help identify open-source components and verify their licenses, ensuring compliance and mitigating legal and security risks.

3. Report Creation

Once data is processed and analyzed, AI can assist in generating structured reports and highlighting critical findings, accelerating the reporting phase of technical diligence.

Where AI Falls Short

Despite its impressive capabilities, AI is not a silver bullet for tech diligence. There are crucial areas where human expertise, judgment, and nuanced understanding remain indispensable.

1. Strategic Context and Business Alignment

AI can analyze technical data, but it struggles to understand the broader strategic context and how technology aligns with business objectives.

• Interpreting “Why”: AI can tell you “what” the technology is, but not “why” it was built a certain way, or “why” it’s the right solution for the business’s long-term goals.
• Understanding Business Impact: AI cannot fully grasp the business impact of technical decisions or the strategic implications of adopting or discarding certain technologies. This requires a deep understanding of the market, customer needs, and the company’s overall vision.

2. Nuance, Qualitative Assessment, and Human Factors

Tech due diligence often involves assessing subjective elements, such as team dynamics, engineering culture, and the effectiveness of communication within a technical organization. These qualitative aspects are beyond AI’s current capabilities.

• Team Dynamics and Culture: AI cannot evaluate the cohesion of an engineering team, their problem-solving approaches, or the effectiveness of their communication. These “soft skills” are crucial for project success and require human interaction and observation.
• Interviewing and Cross-Examination: AI cannot conduct interviews with key technical personnel to probe deeper into architectural decisions, challenges faced, or future roadmaps. It cannot ask follow-up questions, interpret body language, or detect hesitancy.
• Assessing Innovation Potential: While AI can identify emerging technologies, it cannot truly evaluate the innovative spirit of a team or their ability to adapt to future technological shifts based on past choices or a team’s mindset.
• Interpreting Scan Results: While it is true that AI can help with scanning large bodies of code, those results include many “false positives” that need to be interpreted by an architect to determine what is a genuine concern and what is not.

3. Handling Ambiguity and Unforeseen Issues

Real-world tech environments are often messy, with incomplete documentation, legacy systems, and unforeseen technical debt. AI struggles with ambiguity and situations that fall outside its training data.

• Interpreting Incomplete Information: AI is highly dependent on structured and complete data. When documentation is sparse or contradictory, so is its output. Human analysts are better equipped to piece together the puzzle and make informed inferences.
• Identifying “Unknown Unknowns”: AI can flag known risks, but it’s less effective at identifying “unknown unknowns” – issues that haven’t been explicitly defined or encountered in its training data. Experienced human eyes can spot subtle clues that indicate deeper, unarticulated problems that may exist “outside the box”.
• Negotiation and Relationship Building: Tech diligence is not just about data; it’s also about building trust and rapport with the target company’s team. AI cannot perform these interpersonal functions.

4. Hallucinations Are Real

Anyone who has used ChatGPT or similar tools understands that sometimes AI just gets it wrong.  In our efforts to determine how best to utilize AI in the tech diligence process, we have encountered numerous examples of critical errors and omissions that compromised the quality of the evaluation. Just as you might leverage ChatGPT as a powerful tool to help figure out what is going on with a medical issue, you would never make major decisions based on that information without validating it with a doctor.  This same guideline applies to tech diligence.

What Is the Right Question?

Approaching AI in tech diligence from the perspective of “how can this tool replace human effort?” is a fundamental misunderstanding of its true value. The right question to ask is, “How can AI empower our existing technical due diligence resources to go deeper and be more effective?” When viewed this way, AI becomes a powerful accelerant, not a replacement. It enables diligence teams to conduct higher-quality assessments, leading to better mitigation of investor risk and a more successful integration or investment for the target company. By offloading data-intensive, repetitive tasks to AI, human experts are freed to focus on strategic analysis, nuanced qualitative assessments, and critical human interactions, ultimately delivering a more comprehensive and insightful tech diligence process.

Conclusion

AI is an invaluable tool for tech due diligence, capable of accelerating data processing, identifying patterns, and automating routine tasks. It can meaningfully enhance efficiency and provide data-driven insights. However, it’s crucial to recognize that AI is a tool and not a silver bullet. Human expertise, critical thinking, strategic understanding, and the ability to interpret nuance and build relationships remain paramount. The most effective approach to tech due diligence involves a close relationship between advanced AI tools and experienced technology experts, leveraging the strengths of both to conduct thorough, insightful, and ultimately successful evaluations.