Ask an AI to build a feature and it builds the feature. Ask it to handle every way that feature can fail and you get... silence.
Error handling is the most consistently under-generated aspect of AI code. The happy path is complete. The sad path is missing or superficial.
This isn't an oversight in a single tool. It's a pattern across all AI coding tools. Cursor, Copilot, Claude Code — they all generate features optimistically. The login works. The form submits. The API returns data. But what happens when the network is down? When the API returns a 500? When the user submits a form with malicious input? When the session expires mid-flow?
CodeRabbit's analysis confirmed this: AI-generated code has 1.75x more logic and correctness errors, and many of these are error-handling gaps.
The Error Handling Taxonomy
Network errors: API calls fail. Timeouts occur. Connections drop. AI-generated code often doesn't implement retry logic, timeout handling, or offline states.
Validation errors: User input is unexpected. AI-generated forms often validate on the client but not the server, or validate the format but not the business logic.
State errors: The application reaches an unexpected state. A deleted record is referenced. A session expires. A concurrent user modifies shared data. AI-generated code assumes happy-path state progression.
Third-party errors: External services fail. Payment processors return errors. OAuth providers are down. AI-generated integrations often assume the external service is always available.
Resource errors: Database connections exhausted. Memory limits hit. File storage full. AI-generated code rarely includes resource-aware error handling.
Why Manual Testing Misses Error Handling
Developers testing their own code naturally follow the happy path. They built the feature to do X, so they test X. Testing what happens when X fails requires deliberately breaking things, which is psychologically harder and takes more effort.
TestSprite's testing engine generates tests for error states automatically. It doesn't just test that the login works — it tests what happens when login fails, when the session expires, when the API is slow, when input is malicious. These error-state tests run alongside happy-path tests on every PR.
The bugs that cause production incidents aren't in the happy path. They're in the error handling that nobody tested.