by volkk 70 days ago
because some vulnerabilities are complex combinations of ideas and simply ingesting one file at a time isn't enough. and then the question is, well how many files, and which? and when trying to solve for that problem, then you're basically asking something intelligent on how to find a vulnerability

Which is why it is an agent with the possibility to grep the repo, list files, say a scratch pad for experiments and so on?

The file is just the entry point. Everything about LLMs today is just context management.

yeah but i think my point is that you need an intelligent model to combine the files in such a way that you could give the proper context for a cheaper/dumber model to potentially find exploits. if you have dumber models doing this, wouldn't you have a borderline infinite combination of ways to set up context before you end up finding something?