The AI security tool then, retroactively discovered that it could have been used for LPE.
Again, just my guess I could be wrong.
[0] https://github.com/openbsd/src/commit/1957873d2063db11dab780...
Dismissing their claims is not being selective, it's just the right thing to do.
The main claim from OpenBSD is "Only two remote holes in the default install since forever".
It is technically true. But it's also selective because they deliberately disable every service by default and don't install any software beyond core.
Once the OS is configured to be useful, we're far from the default install and they would (and have!) refuse to update their motto when confronted with RCEs in those parts.
Which is fair enough! You gotta draw the line somewhere. But that's still being very selective.