> In some cases, I am asking: "Why is this program or functionality an attack surface? Why can someone on the internet write to this system?"

With the help of LLMs, every software not in a vault has an attack surface. LLMs are quite good at finding different, non-obvious paths, and you can easily test their exploit candidates.