
Not sure about that one. Fuzzers have a hard time creating certain narrow preconditions that a manual review can find.


Google, to their credit, has invested a TON of money into both manual review and also fuzzers. Every major fuzzing project I've read about in the last few years has been at least funded in part by Google.


They’ve gotten way better at this over the last decade with coverage-guided execution.


Well, yes and no. For example, coverage-guided fuzzers won't reliably find the taken branch in

  if (hash(x) == 0x12345678) {
  }

Of course this is contrived, but you can imagine something similar where it requires a delicate setup for that branch to be taken at all, that a human (or these days, an LLM) can find straightforwardly.
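
An added illustration of the point in the comment above (not part of the thread, and not any real fuzzer's code): a toy coverage-guided loop run against a byte-by-byte comparison and against a hash comparison of the same trigger. CRC32 as the hash, the trigger bytes `FUZZ`, the budget and all function names are assumptions made for this example.

```python
import random
import zlib

MAGIC = b"FUZZ"                  # constructed 4-byte trigger input
MAGIC_HASH = zlib.crc32(MAGIC)   # CRC32 stands in for the comment's hash(x)

def staged_target(data):
    """Byte-by-byte compare: every matched byte is a newly covered branch."""
    covered = {"entry"}
    for i, want in enumerate(MAGIC):
        if data[i] != want:
            return covered, False
        covered.add(f"byte{i}")
    return covered, True

def hashed_target(data):
    """Shape of `if (hash(x) == CONST)`: a single branch, no partial credit."""
    if zlib.crc32(data) == MAGIC_HASH:
        return {"entry", "taken"}, True
    return {"entry"}, False

def mutate(rng, parent):
    """Overwrite one random byte, then keep going with probability 1/2."""
    child = bytearray(parent)
    while True:
        child[rng.randrange(len(child))] = rng.randrange(256)
        if rng.random() < 0.5:
            return bytes(child)

def fuzz(target, budget=200_000, seed=1):
    """Coverage-guided loop: executions until the branch is taken, else None."""
    rng = random.Random(seed)
    corpus = [bytes(len(MAGIC))]          # seed input: four zero bytes
    seen = set(target(corpus[0])[0])
    for n in range(1, budget + 1):
        child = mutate(rng, rng.choice(corpus))
        covered, hit = target(child)
        if hit:
            return n
        if not covered <= seen:           # new branch reached: keep this input
            seen |= covered
            corpus.append(child)
    return None

if __name__ == "__main__":
    print("staged compare:", fuzz(staged_target))
    print("hash compare:  ", fuzz(hashed_target))
```

The staged compare is solved well inside the budget because each matched byte earns a place in the corpus; the hash compare exhausts the budget because no input ever adds coverage, leaving the loop to guess blindly at a 32-bit value.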


Is Google using LLM-guided fuzzers that can inspect the code first?



