what do you expect? if you’re “automating” an audit, it already means you don’t care. the LLM is there to blur the calculus of responsibility, take the blame if someone cares enough to look. happy customers, until someone “delves” a little too deep (like you did) and ruins the slumber party.

This was my general reaction when it was determined that the "log review" portion of the PCI checklist (can't remember what level) could be satisfied by computer "review", and that newer PCI versions were moving towards preferring automated "review"