"It's just a neutral tool" gets a lot harder to claim once a vendor starts specifically training and marketing the model for its ability to bypass security controls.

Yes, pentesting tools, even automated ones, are often legal. But they commonly do run up against legal restrictions and risks. They're marketed very differently from ChatGPT.