In this case, it’s about vulnerability reports, not about vulnerable code being contributed. There’s a bounty for any found vulberability in Curl, and then because telling an AI to try to find a vulnerability is essentially free, you’ll have lots of people looking to make a quick buck by just reporting whatever the AI spat out, no matter how nonsensical it is.