Ehhh in my experience compliance auditors are 10 behind the cutting edge. I still see auditors that don't understand Kubernetes and so ask the same questions they would about on prem machines. They don't know the questions to ask to get to the real meat of the risks. This leads them to allow things through that probably deserve more scrutiny. I bet the same thing will happen with LLM tools like this. They'll just ask if you use PRs and wave you on through.