You don't need an LLM to deduplicate bugs, just categorize by files affected. The real security problem is LLMs have a ~499/500 false positive rate and the new 'security research' post this slop and DDoS the mailing list.