Every model produced at least one false-positive run by hallucinating vulnerable paths in the OpenNDS real-world task