Comment by scotty79

> Scoped context: Our tests gave models the vulnerable function directly, often with contextual hints (e.g., "consider wraparound behavior").

To be fair, nothing stops anyone from feeding each function of given codebase separately with one out of the predefined set of hints.

It's just AST and a for loop. Calling it a system is a bit much.