> It doesn't look like they had 1 AI run for 20 minutes and then 30 humans sift through for weeks.

It does, though, look like they were running their AI over the codebase for an extended period of time (not per run, but multiple runs over the period of a year)

> Does it matter?

Hell yes, false reports are the bane of the bug bounty industry.