They weren't special even before LLMs. Drive-by script-kiddies would run some basic scripts against your platform and send generally-not-actually-a-vulnerability reports, claiming that these were big problems, and requesting to be paid bug bounties.
They weren't special even before LLMs. Drive-by script-kiddies would run some basic scripts against your platform and send generally-not-actually-a-vulnerability reports, claiming that these were big problems, and requesting to be paid bug bounties.
And then they submit them to a CNA and get a CVE assigned, and then _everyone_ needs to deal with the not-actually-a-vulnerability report, especially when the not-actually-triggerable-DOS gets assigned a "Critical" CVSS score from EUVD or NVD.