Malcat dev
malcat4ever.bsky.social
Main developer of http://malcat.fr, a hexadecimal editor / disassembler / decompiler for #malware analysis, #DFIR and #SOC.
Sticking to your "Goldoon" example, does your result table (7) only consider artifacts from the downloader part? If yes (hard to know, but it looks like it), this is a 13 KB tiny downloader, it's definitely not worth 4-5 days of analysis. A couple of hours maybe. And I'm being pessimistic.
April 22, 2025 at 10:09 AM
Then how do you quickly confirm the AI assertion without input/output testing? It may be a SHA-256 variant. You know well malware authors like to modify standard algorithms.
If it's just saying "it looks like sha256", it's also very quick to say without AI:
April 22, 2025 at 9:49 AM
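An added illustration of the distinction drawn in the post above (editor's example, not Malcat dev's code and not part of Malcat): spotting the SHA-256 round constants in a binary is the quick "it looks like sha256" call, but only input/output testing against known test vectors tells a standard implementation apart from a tweaked variant. The blob, the variant (a hypothetical sample that replaces the first initial-hash word) and the hit threshold are all constructed assumptions for the demo.

```python
import hashlib
import struct

# SHA-256 round constants (FIPS 180-4); their presence in a binary is the usual tell.
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
# Standard initial hash values.
IV_STD = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
          0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
# Constructed "malware variant": same rounds, first IV word swapped. Still looks like SHA-256 to a constant scan.
IV_VARIANT = [0x67452301] + IV_STD[1:]

MASK = 0xFFFFFFFF


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def sha256_like(data: bytes, iv=IV_STD) -> bytes:
    """Reference SHA-256 core; stands in for the routine lifted out of a sample (IV is a parameter)."""
    h = list(iv)
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack(">Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16L", msg[off:off + 64]))
        for i in range(16, 64):
            s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
            s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
            w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
        a, b, c, d, e, f, g, hh = h
        for i in range(64):
            t1 = (hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
            t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
        h = [(x + y) & MASK for x, y in zip(h, [a, b, c, d, e, f, g, hh])]
    return struct.pack(">8L", *h)


def variant_hash(data: bytes) -> bytes:
    return sha256_like(data, IV_VARIANT)


def find_sha256_constants(blob: bytes) -> dict:
    """The quick static check: count well-known SHA-256 constants present in the blob (either endianness)."""
    def present(v):
        return struct.pack("<L", v) in blob or struct.pack(">L", v) in blob
    return {"iv": sum(present(v) for v in IV_STD), "k": sum(present(v) for v in K)}


def matches_standard_sha256(hash_fn, vectors=(b"", b"abc", b"The quick brown fox jumps over the lazy dog")) -> bool:
    """The input/output check: feed known vectors to the recovered routine and compare with a trusted library."""
    return all(hash_fn(v) == hashlib.sha256(v).digest() for v in vectors)


def assess(blob: bytes, hash_fn) -> dict:
    hits = find_sha256_constants(blob)
    return {
        "looks_like_sha256": hits["k"] >= 48,   # assumed heuristic threshold: most round constants present
        "iv_hits": hits["iv"],
        "k_hits": hits["k"],
        "is_standard": matches_standard_sha256(hash_fn),
    }


def _fake_binary(iv):
    # Constructed stand-in for a code/rodata section: filler, the K table, then the IV words.
    return b"\x90" * 16 + b"".join(struct.pack("<L", v) for v in K) + b"".join(struct.pack("<L", v) for v in iv)


STD_BLOB = _fake_binary(IV_STD)
VARIANT_BLOB = _fake_binary(IV_VARIANT)

if __name__ == "__main__":
    print("standard sample :", assess(STD_BLOB, sha256_like))
    print("variant sample  :", assess(VARIANT_BLOB, variant_hash))
```

Both samples pass the constant scan (all 64 round constants are there), so the static "looks like sha256" verdict is identical; only the I/O check with test vectors separates the standard routine from the modified one.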
Give the same task to the same person (or another evenly skilled one) with and without AI. Repeat with a few other malware analysts.
Bonus points if the task has clearly defined results, e.g. "extract the C2 URL", "what files are modified", "list all C2 commands", "what encryption is used", etc.
April 22, 2025 at 9:34 AM