I think all models can find vulnerabilities if read the entire code base. Or intelligently combine parts of the codebase. Especially with test loops.