I think focusing on undocumented APIs is key. Those often hide the most vulnerabilities. The 15,000+ test cases make me wonder: does it continuously update the library as new attack vectors emerge?