Six months ago I got fed up with my AI code review tool.

Two problems.

It charged roughly 3.5× the raw OpenAI API cost while pretending that wasn't happening.

It kept flagging phantom SQL injection in a codebase that literally had no SQL, while completely missing a real authorization bypass in the same pull request.

That combination broke my trust.