@baldur Have you heard of fuzzing https://en.wikipedia.org/wiki/Fuzzing this is very compute and time intensive and works against the code you're attacking. It's not very beautiful, but it surfaces bugs that can't otherwise be found without putting in the work. Why is that? SOTA static analyzers like Coverity are great, and find their own classes of otherwise unfindable bugs. But they only look for what they know. The new AI methods find new problems in old code the other ways don't. It's very scary.