I think GP is making the opposite point.

Blindly rejecting all PRs means you are also missing out on potential security issues submitted by humans or even AI.