You’re right, he does: https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyz...

Curl fully supports the use of AI tools by legitimate security researchers to catch bugs, and they have fixed dozens caught in this way. It’s just idiots submitting bugs they don’t understand that’s a problem.