It might not help in your case, but usually LLMs are far more likely to help if you have source code available, or if the service is running on localhost. Ideal if you have a source code where the LLM can make a lab setup and test vulnerabilities by itself. Normal GPT-5.5 with KYC is enough for this.