That's already a thing, a friend of mine works at a company which sells a product like this (automated internal pentesting).

They use machine learning to detect common vulnerable code, network configurations etc.

It's similar to what this company does: https://xmcyber.com/platform/