By your logic, it would be really easy for the code creator to run an agent to find and fix exploits in their own code.