Sort of. But you can also ask LLMs to put in a lot of effort understanding the codebase, run tests to disprove their hypotheses, and write documentation or refactor.
One interesting anecdote is how LLMs found a bunch of vulnerabilities in OpenSSL, and OpenSSL is notable for having a particularly bad/hard-to-work-with codebase, suggesting that humans couldn’t find them because it was too hard to read, while higher-code-quality alternatives had none of the same vulnerabilities.