Why think about nefarious intent instead of just user error? In this case LLM error instead of programmer error.

Most RCEs, 0-days, and whatnots are not due to the NSA hiding behind the "Jia Tan" pseudo to try to backdoor all the SSH servers on all the systemd [1] Linuxes in the world: they're just programmer errors.

I think accidental security holes with LLMs are way, way, way more likely than actual malicious attempts.

And with the amount of code spoutted by LLMs, it is indeed --and the lack of audit is-- an issue.

[1] I know, I know: it's totally unrelated to systemd. Yet only systems using systemd would have been pwned. If you're pro-systemd you've got your point of view on this but I've got mine and you won't change my mind so don't bother.