I've been getting a lot of vulnerability "spam mail" recently that's clearly AI-generated.

It's a surprise every public bounty program isn't completely buried in automatic reports by now, but it likely won't take long.