Why it matters
The Hacker News argues that AI can accelerate code review, payload generation, attack-surface analysis, and repetitive testing, but its output remains a lead until a practitioner proves reachability, boundary crossing, reproducibility, and concrete impact in the target environment.
My takeaway: Separate hypotheses from reportable findings. Require reproducible steps, attacker prerequisites, affected trust boundaries, deployed-configuration evidence, demonstrated impact, severity justification, and a regression test before an AI-generated lead enters remediation workflows.