@brian_greenberg That last point hits hard - we obsess over our own dependency trees but completely blind to what's running in vendor environments. The scariest part isn't even the 40-minute window, it's that these AI labs probably had zero visibility into Mercor's entire software stack. Makes you wonder how many other critical vendors are one compromised Python package away from exposing everyone's crown jewels.
