Vulnerability reports are not special anymore (words.filippo.io)
325 points by goranmoomin 13 hours ago | 176 comments
tl;dr: Open source maintainers have traditionally treated vulnerability reports as special obligations—owing responsiveness and credit to researchers in exchange for their scarce insight and confidentiality. But in 2026, LLMs have made vulnerability discovery cheap and abundant, shifting the bottleneck from finding bugs to triaging them, while also eroding the value of embargoes, since attackers can run the same tools. The author argues maintainers should now focus on rapid triage, remediation, and prevention (possibly via LLM analysis in CI), reserving "special" treatment only for high-severity reports or trusted researchers.
HN Discussion: