TheAdamist 4 hours ago

If not static analysis, what would AI tools be considered? They're operating off the same source code.

Also, nice Onion reference by OP.

PlasmaPower 3 hours ago

"static analysis" is usually deterministic rules you can e.g. put in CI. AI is also somewhat dynamic in that it can execute commands to try stuff out. The best AI vuln finding harnesses work that way, by essentially putting the AI inside of a fuzzer-like environment and telling it to produce a crash.

wizzwizz4 3 hours ago

It's a reference to Xe Iaso's blog (e.g. https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2025...), which is itself a reference to The Onion.

saghm 2 hours ago

It's possible I had seen that blog post and not remembered! I was intending to reference The Onion though (and even googled to make sure I had the wording right), but seeing someone else make the same joke and forgetting is certainly something I would do.