Two recent stories share an uncomfortable quality: the products organizations deploy to enforce security controls have become the most attractive targets on the network.
The same trust model that makes open-source package ecosystems productive has made them a reliable attack surface — and recently that surface expanded to include the AI/ML toolchain itself.