Two questions worth answering this week. What is your engineering team running right now — the canonical AI coding tool you authorized, or a fork routed through a backend you do not control, configured by files an attacker can write into your repository? And if the foundation lab anchoring your AI roadmap stumbles on revenue, sits in active corporate-form litigation, and warns its own CFO about a one-and-a-half-trillion-dollar compute funding gap, what does your off-ramp profile look like in writing today?
Episode 10 continues the "trust at the seam" thread from Episode 9 across two new fronts.
Part 1 walks the TeamPCP cascade — a forty-two-day, multi-package, cross-ecosystem supply-chain attack chain (Trivy on March 19, litellm on March 24, SAP packages on April 29) that culminated in the first documented weaponization of an AI coding-agent harness configuration as a persistence mechanism.
Part 2 walks the OpenAI miss reported by the Wall Street Journal on April 28, the structural reading of the four overdetermined factors behind it (capacity outpacing demand, Anthropic capturing the enterprise wedge, GPT-5.5 pricing posture, DeepSeek V4 shipping at 10–13× lower API cost), and the Musk versus Altman trial in week one — including the bifurcation order that makes the federal jury advisory and the bench remedies trial calendared for May 18. Part 3 lands the compliance calendar.
Posture throughout is measured and practitioner-professional. Frameworks named at scope and weight (the supplier-relationship family, the supply-chain entry of the OWASP LLM Top 10, the supplier provisions of the ISO 42001 family) — never by clause number. Closing sign-off:
Move at your own pace. Secure your stack. Audit your harnesses. Own your diligence and own your outcomes.
AI Disclosure: This episode was produced with AI assistance. Research synthesis and script writing used Claude (Anthropic) under human editorial direction. Audio narration by Microsoft Edge TTS (en-US-AndrewNeural voice).