by canucker2016 34 days ago
I think it'll be a war of who has the better LLMs-as-security-scanner.

Ideally, you'd do a comprehensive all-source-code scan (and the LLM-scanner finds everything during those scans), and fix all the reported defects.

Afterwards, any dev that commits code will run the LLM-scanner on the modified code (and affected areas) and fix any reported defects.

So the black-hat hacker would be shut out unless they get access to an LLM-scanner with better analysis than what the target project is using.

Major LLM-scanners could give priority access for new versions of LLM-scanners to major projects to find any defects in the current source code before any other party could use the reported defects against the project or their users.

So black-hat hackers would be left with developing their own LLM-scanner better/more efficient than existing major LLM-scanners.

Given enough incentive, they might develop such a tool. Look at the market for zero-day vulnerabilities for smartphones, esp. iPhones.