Yeah definitely. To be fair before LLMs I was a security researcher for years so with that experience I was more or less able to replicate most of an acceptable process (even up to report generation).

I still review and make a decision about every report though.

In contrast I think a lot of people are just pointing agents at websites and then telling them to create and send a report which is a great way to produce trash and a ban.