Requiring exploits is not how vulnerability research works, with or without AI. Vulnerability discovery and exploit development / weaponizing them are different things. Vendors have long since learned to take vuln reports, with our without demo exploits, seriously.