Yes and no. LGTM is about known vulnerabilities. It doesn't (currently) use artificial intelligence to discover new vulnerabilities, but it allows writing complicated yet efficient patterns for vulnerabilities found by human intelligence.

So it's more advanced than simple "know bad dependencies", but it's also not quite "new vulnerabilities".