Today's A.I. security review ridiculousness: It (I think it's Snyk, but I'm not sure at this point what the source is) pointed out a double semicolon in some C++ code. It acknowledged that it was not a "directly" a security vulnerability, then went on to say that if some pointer used in the statement wasn't checked, it could lead to a null pointer dereference.
These two things have nothing to do with each other (and you can actually make that statement about any pointer anywhere), but it agglomerated them anyway because that's what next token prediction does.
There probably is no point to pointing this kind of issue out anymore, but I feel the need to say again that this kind of nonsense adds up and wastes time and energy. We're now building a world on this, and it is going to be shaky.