Agreed that they shouldn't be writing vulnerable code to begin with. You'd think the models would be trained to know when they are working on something that has security implications, and to validate the security of what they're building, as they're building it.