giantg2 5 days ago
Any system will have failures. The goal is to eliminate some of those failures through multiple checks. The automated system can help by bringing up possible issues that couldn't be monitored by humans. But then it should be humans reviewing these alerts for false positives. It should be much like using a security scanning tool. Findings will come up and you need someone to disposition them. Some will need no action (false positives or issues under your risk tolerance), but then others need appropriate responses. It seems in cases like the example, you have an intern running the scan tool and turning every finding into a high vulnerability because they don't know any better than to blindly trust the tool.