Well.. every new vulnerability is one nobody did find it before.

Otherwise, it won't be classified as "new"

--

Edit:

I think LLM is very useful here.

When a researcher spot something funny, instead of spending two days on reading and testing, he can fire up a LLM and have it read all the code lead to there in ~30 minutes.