Your security controls are (a huge) part of your attack surface
Security software is just software, subject to all of the same problems as any other type of software. And like so much of the software we find in the enterprise, security software has some predictable characteristics: