Benchmarking 13 AI models on rediscovering known CVEs
TL;DR Every frontier model launch now comes with the same cybersecurity claim: it finds vulnerabilities. But does it work on a real bug in a real repository, or just on a curated example? Of the dozen models you could pick, which is worth trusting with code review? And since the strongest models cost ten times or more per run than the cheapest, what does that extra spend actually buy you in bugs found?