> I don't think so. This is already the situation. Maintainers already fix vulnerabilities when they know about them.

This is already the situation and it is a problem and that is why we are talking about it.

> If the situation is that the attacker is focusing on a single project, the attacker will win, as they do already. But the attackers usually need to split their attention over lots of projects.

Just like that, the developers split their attention over N projects, the activities of developing and finding vulnerabilities, etc. Unlike the attackers, they live in free countries without figurative guns to their heads. Unlike the attackers, they do not have government-funded datacenters churning on finding vulnerabilities. So it more than cancels out, and you are repeating yourself.

> I don't agree with that logic

Sure, knock yourself out.

> The LLM will shrink the gap, not increase it.

I’m not going to argue with you on behalf of all the different posters here who claim how LLM help more if you are already knowledgeable and don’t help as much if you are a beginner and don’t actually know what you are doing compared to the pro. I think you are a minority in your opinion.