Had exactly the same sort of experience using AI to audit a code base we inherited recently at $dayJob.
Spotted over 100 “security issues” but after whittling them down via reproduction scripts and validating they were real CVEs - that number was around 30.
Even so - it was a huge win and something we wouldn’t have spotted.
It’s something I’ve now codified into repowarden.dev