Rewrite intro: pain points and how Ona addresses them

Co-authored-by: Ona <no-reply@ona.com>

Author: meysholdt

README.md

@@ -1,8 +1,16 @@
 # GitHub Security + Ona Automations
 
-This repo demonstrates how to set up GitHub's free security features on a public repository and use [Ona](https://ona.com) automations to fix findings automatically.
+Security scanners are good at finding vulnerabilities. Fixing them is the hard part. Teams accumulate a backlog of findings that grows faster than developers can address it. Developers see security fixes as toil. And tools that auto-generate PRs via text search-and-replace often produce changes that are insufficiently tested or break the application — creating more work, not less.
 
-The sample application is [Spring PetClinic](https://github.com/spring-projects/spring-petclinic) (Java/Maven).
+[Ona](https://ona.com) takes a different approach:
+
+- An **AI software engineer** analyzes each finding and crafts the code change — not a regex substitution, but a reasoned fix that accounts for the project's structure and conventions.
+- The fix is **built and tested in a fully equipped dev environment** where the modified code can actually compile and run.
+- The agent **iterates until the fix is proven not to break the app** — if tests fail, it reads the errors, adjusts, and retries.
+
+The result is a PR that is ready to review and merge, not a starting point that needs manual cleanup.
+
+This repo demonstrates the setup using [Spring PetClinic](https://github.com/spring-projects/spring-petclinic) (Java/Maven) with GitHub's free security features.
 
 ## Security scanning tools