I'd say that people take everything as if it was gamified. So the motivation would be just to boast about "raised 1 gazillion security reports in open-source project such as curl, etc. etc.".
AI just make these idiots faster these days, because the only cost for them to is typing "inspect `curl` code base and generate me some security reports".
I remember the Digital Ocean "t-shirt gate" scandal, where people would add punctuation to README files of random repositories to win a free t-shirt.
https://domenic.me/hacktoberfest/
It wasn't fun if you had anything with a few thousand stars on Github.