pedro_caetano 2 days ago

Fair, but if you look at most tools for Static Code Analysis they will have equal or worse performance with regards to false positives and are still seen as added value.

If this is inexpensive (in terms of cost/time) it will likely make business sense even with false positives.

JohnMakin 2 days ago

But that isn’t the claim. The claim is an agentic pen tester “trounced” human testers. Static analysis tools are already trivial and cheap to automate, why would you need an agent in the loop?

pedro_caetano 2 days ago

I agree with your point that the claim is exaggerated. My counterpoint is even if they are subpar, they will still make business sense if they are inexpensive, much in the same way that Static code analysis tools aren't great but because they are inexpensive they still make sense during development.