Judging from the experience of people running bug bounty programs lately, you'd definitely get an endless supply of successful exploit reports. Whether any of them would be real exploits is another question though.

https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-s...