Is code vulnerability represented in model activations? What do probes trained on vulnerable code detect?