> your responsibility is to know what's in your codebase, understand any potential exposure vectors, and not ship obvious vulnerabilities to real users

It seems like CYA; with all the marketing about how LLMs will solve all problems it was really surprising to see that, but legal probably told them to go easy on it.