I mean, you should definitely have _some_ level of audit by LLMs before you ship, as part of the general PR process.

But you might need thousands of sessions to uncover some vulnerabilities, and you don’t want to stop shipping changes because the security checks are taking hours to run