I don't understand the nature of the supposed security incidents found by LLMs:

Are these totally previously unknown security holes or are they still generally within the umbrella of our understanding of cybersecurity itself?

If it's the latter, why can't we systematically find and fix them ourselves?