LLM Security Automation Isn’t a Drop-In Scanner Yet

This article examines the challenges of using large language models (LLMs) as drop-in security scanners in agentic coding workflows. It documents six structural failure modes that arise from probabilistic models and agentic control loops, contrasting them with traditional static analysis tools engineered for repeatability. The author provides measurement ideas for engineering reviews and grounds claims about 'secured' code in peer-reviewed evidence, including BaxBench benchmarks. The piece serves as a scope guardrail, not a dismissal, emphasizing that LLMs can compress context and suggest hypotheses when used with proper contextual information, but reintroduce variance when used as the sole security gate. It covers background on security engineering practices, the anatomy of agentic security passes, and the coupling of model policy, tool surface, and nondeterministic decoding.