by tklinglol 980 days ago
This is confusing - the reporter claims to have "crafted the exploit" using the info they got from Bard. So the hallucinated info was actionable enough to actually perform the/an exploit, even though the report was closed as bogus?
3 comments

No, they weren't able to "craft the exploit". The text claims an integer overflow bug in curl_easy_setopt, and provides a code snippet that fixes it. Except the code snippet has a completely different function signature than the real curl_easy_setopt, and doesn't even compile. I doubt this person did any follow through at all, just copy/pasted the output from Bard directly into this bug report.
The thing they're reporting is that a CVE leaked and Bard found out about it before public disclosure.

Except that it's false because Bard made it up. There's no real curl exploit involved.

Or lied about crafting an exploit for a potential bug bounty payout