that makes the second point stronger then - if the same model can find, document and exploit a kernel vulnerability, the question of what it introduces when writing production code becomes harder to dismiss. the capability is symmetric. the visibility isn't.