> the problem here is that many of the submissions are not "make-believe work" but actual existing security issues

Not exactly, the submissions are reports about actual existing security issues. They are make-believe work because everybody has access to AI, and anybody could have done it. Deduping is not productive work, it's a search for productive work.

Instead of spamming bug reports generated by AI, people should spam cash or token credit of some sort so the project can generate these themselves. The real unnecessary part of the entire process is the submitter. There's no need for an AI middleman.

If somebody comes up with some witty trick that gets an AI to find a bug that it wouldn't have found on its own, submit the prompt.