Yee, absolutely. A team with a strong code review culture that incorporates security review against common exploits ideally wouldn't end up with holes like this.

▲

ihaveajob 2 days ago | parent [-]

I guess the value of the tool is that it gives you that same benefit for the cost of a few tokens.

	▲	tmoertel 2 days ago \| parent [-]
		> I guess the value of the tool is that it gives you that same benefit for the cost of a few tokens. But it doesn't give you the same benefit. It gives you the partial benefit of catching these problems before they go to production, but it doesn't give you the remaining benefit of teaching your team about where their mental models are broken. A team that decides to delegate this responsibility entirely to AI is going to have a hard time learning about these serious defects in their mental models. Fixing those defects will pay dividends throughout the code base, not just in the places where AI would detect security failing.