“Security research is becoming a function of compute budget, not headcount.”
Sansec spent $10,000 on Claude API calls and found 353 confirmed vulnerabilities across 5,000 Magento extensions, affecting packages with nearly 6 million downloads. The AI performed static analysis, then validated each finding by actually exploiting it in Docker containers. This is the automation of security research that everyone predicted but few have executed at scale. The economics are brutal for manual auditors: one weekend of compute time doing what would take a team months.