@bagder it's the lamp post fallacy. Many memory errors are relatively easy to find, making them a fun target for early static vulnerability analyzers.
Leading to a lot of security bugs related to buffer overruns that were found automatically.
Leading some people to conclude erroneously that since they were the majority of security bugs found, they must represent the majority of all security bugs.
AI vulnerability scans will likely demonstrate they were just the tip of the iceberg.