A lot of developer supply-chain risk still gets discussed as if the malicious package were the whole story.
The more interesting problem is what happens when the package, MCP server, or IDE extension lands inside a workflow that already has trusted access to repos, terminals, CI/CD, cloud configs, or secrets.
That is not “AI went rogue.” It is over-trusted automation becoming a reusable attack path.
AlphaHunt broke down the forecast angle here.
Where would this fail first in your environment: tool approval, config visibility, or secret-access logging?
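Two of those three failure points, tool approval and config visibility, can be checked mechanically from the MCP client config itself. The script below is an added example, not something from the post or from AlphaHunt: it walks a constructed config in the "mcpServers" JSON shape several MCP clients use (a map of server name to command, args and env), and flags servers nobody has reviewed, servers launched through a shell, broad filesystem exposure, and secret-looking values pasted inline instead of referenced from the environment. The server names, package names and token values are made up for the example; the approved list is whatever your team has actually reviewed.

```python
import json
import re

# Constructed sample in the "mcpServers" shape used by several MCP clients
# (name -> {command, args, env}); every value below is made up for the example.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_EXAMPLEexampleEXAMPLE0000000000"}
    },
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"],
      "env": {}
    },
    "deploy-helper": {
      "command": "sh",
      "args": ["-c", "./run.sh"],
      "env": {"AWS_SECRET_ACCESS_KEY": "${AWS_SECRET_ACCESS_KEY}"}
    }
  }
}
""")

# Env var names that usually carry credentials.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|API_KEY|ACCESS_KEY)", re.I)
# A value that is a reference ("${VAR}" or "$VAR") rather than an inline literal.
ENV_REF = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
# Launching a server through a shell means the config can run arbitrary commands.
SHELL_COMMANDS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}


def audit_mcp_config(config, approved_servers):
    """Return (server, finding) pairs a reviewer should look at.

    approved_servers: the set of server names a human has actually reviewed
    (the "tool approval" gate); anything else is reported as unreviewed.
    """
    findings = []
    for name, spec in config.get("mcpServers", {}).items():
        if name not in approved_servers:
            findings.append((name, "server not on the approved list"))
        if spec.get("command") in SHELL_COMMANDS:
            findings.append((name, "server is launched through a shell; it can run anything"))
        args = spec.get("args", [])
        if "/" in args or "~" in args:
            findings.append((name, "filesystem root or home directory exposed as an argument"))
        for key, value in spec.get("env", {}).items():
            # A credential name with a literal value means the secret lives in
            # the config file; a "${VAR}" reference at least keeps it out of there.
            if SECRET_NAME.search(key) and not ENV_REF.match(str(value)):
                findings.append(
                    (name, f"secret-looking env var {key} stored inline, not as a reference")
                )
    return findings


if __name__ == "__main__":
    for server, issue in audit_mcp_config(SAMPLE_CONFIG, approved_servers={"github"}):
        print(f"[{server}] {issue}")
```

Run against the sample with only "github" approved, it reports five findings: the inline GitHub token, the unreviewed filesystem server and its root-directory argument, and the unreviewed deploy-helper plus its shell launcher (its AWS key is a reference, so it is not flagged). The third failure point, secret-access logging, is not something a config audit can show; that has to come from the secret store or the CI system recording who read what.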