Running security review as a PR-time agent is a better loop than the usual "run SAST on main, file a Jira, nag the author three weeks later" dance. The signal is fresh, the diff is small, context is in the author's head. One thing I'd test: how well it handles multi-file vulnerabilities (taint from file A → sink in file B via helper in file C). Single-file scanners miss those constantly.
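To make the multi-file case concrete, here is an added example (my code, not the commenter's and not from any real scanner) of the smallest cross-file taint analysis that catches the pattern described: a source in one file, a sink in another, and a helper in a third. The three modules `a`, `c` and `b`, the `req.args[...]` source and the `.execute(...)` sink are all constructed for the example. The analysis is deliberately simplified: it only follows `module.function(...)` calls to top-level `def`s, propagates taint through assignments in statement order, and treats any expression built from a tainted name as tainted. Running the same analysis one file at a time reproduces what a single-file scanner sees, which is nothing.

```python
import ast

# Three constructed modules (written for this example, not taken from any project).
# Taint enters in a.py, passes through a helper in c.py and hits the sink in b.py,
# so no single file contains both a source and a sink.
FILES = {
    "a": '''
import c

def handle(req):
    name = req.args["name"]      # source: attacker-controlled
    label = "users"              # clean value, must not be reported
    c.process(name, label)
''',
    "c": '''
import b

def process(user, label):
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    b.run(query, label)
''',
    "b": '''
def run(sql, label):
    print(label)                 # clean parameter, harmless
    cursor.execute(sql)          # sink
''',
}

SOURCE_ATTRS = {"args", "form"}   # req.args[...] / req.form[...] count as sources
SINK_METHODS = {"execute"}        # any x.execute(...) counts as a SQL sink


def index_functions(files):
    """Map (module, function name) -> FunctionDef for every top-level def."""
    funcs = {}
    for mod, src in files.items():
        for node in ast.parse(src).body:
            if isinstance(node, ast.FunctionDef):
                funcs[(mod, node.name)] = node
    return funcs


def is_tainted(expr, tainted):
    """An expression is tainted if it is a source or is built from a tainted name."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Subscript):
        if isinstance(expr.value, ast.Attribute) and expr.value.attr in SOURCE_ATTRS:
            return True                       # req.args["name"]
        return is_tainted(expr.value, tainted)
    if isinstance(expr, ast.Attribute):
        return is_tainted(expr.value, tainted)
    if isinstance(expr, ast.BinOp):           # string concatenation, % formatting
        return is_tainted(expr.left, tainted) or is_tainted(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):       # f-strings
        return any(isinstance(v, ast.FormattedValue) and is_tainted(v.value, tainted)
                   for v in expr.values)
    if isinstance(expr, ast.Call):            # str(x), x.strip(), ...: stay conservative
        return is_tainted(expr.func, tainted) or any(is_tainted(a, tainted) for a in expr.args)
    return False


def analyze(funcs, mod, fname, tainted_params, path, findings, visited):
    """Propagate taint through one function body, following mod.func(...) calls into
    other modules when a tainted argument is passed (straight-line bodies only)."""
    key = (mod, fname, frozenset(tainted_params))
    if key in visited:                        # same function, same tainted params: done
        return
    visited.add(key)
    tainted = set(tainted_params)
    for stmt in funcs[(mod, fname)].body:
        if isinstance(stmt, ast.Assign) and is_tainted(stmt.value, tainted):
            tainted.update(t.id for t in stmt.targets if isinstance(t, ast.Name))
        for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
            hot = [i for i, a in enumerate(call.args) if is_tainted(a, tainted)]
            if not hot or not isinstance(call.func, ast.Attribute):
                continue
            here = f"{mod}.{fname}:{call.lineno}"
            if call.func.attr in SINK_METHODS:
                findings.append(path + [f"{here} sink {ast.unparse(call.func)}"])
            elif isinstance(call.func.value, ast.Name):
                target = (call.func.value.id, call.func.attr)   # resolve mod.func
                if target in funcs:
                    params = [a.arg for a in funcs[target].args.args]
                    analyze(funcs, target[0], target[1],
                            {params[i] for i in hot if i < len(params)},
                            path + [here], findings, visited)


def scan(files):
    """Whole-program scan: every function is an entry point with clean parameters."""
    funcs = index_functions(files)
    findings, visited = [], set()
    for mod, fname in sorted(funcs):
        analyze(funcs, mod, fname, set(), [], findings, visited)
    return findings


def scan_each_file_alone(files):
    """What a single-file scanner sees: the same analysis, one module at a time."""
    return [f for mod, src in files.items() for f in scan({mod: src})]


if __name__ == "__main__":
    for trace in scan(FILES):
        print(" -> ".join(trace))
    print("single-file findings:", scan_each_file_alone(FILES))
```

The whole-program scan reports one trace, `a.handle:7 -> c.process:6 -> b.run:4 sink cursor.execute`, and the clean `label` parameter travelling alongside it is never flagged; the per-file scan reports nothing, because `a` has no sink, `b` has no source, and `c` has neither. A PR-time agent that wants to catch this class of bug needs exactly that call-target resolution across the files the diff touches and the files they import.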