RadiozRadioz 10 hours ago

This is assuming that project owners and good actors won't also be using LLM tools to protect open code.

Open does not mean vulnerable, open simply means it's a more obvious cat-and-mouse game.

pingou 6 hours ago

I absolutely assume that project owners will use LLM tools to protect themselves, but it seems like whoever spends more will find more security issues. And potentially a malicious actor could decide to spend more tokens on one specific part of the program, while the owner has to protect everything. I think with open source the idea is that there are more eyes looking at the potential problems, and more of those eyes are benevolent, but LLMs change that as it's not about the number of people but whoever is ready to spend the most resources.