Sometimes security theater is what you need to not trigger a false positive on a static code analysis.

I haven't needed to use a service like Fortinet recently and am now wondering if a LLM is part of their tool and if it's better/worse?