It also depends on if the CVEs can be fixed by LLMs too. If they can find and fix them, then it's very good.
reply
Fixing isn't often a problem for CVEs. The hard part is almost always finding the CVE in the first place.

There are some extreme cases that might require extensive code changes, and those would benefit from LLMs. But a lot of the issues are things like off-by-one issues with pointers.
