Security & supply chain

The 'OSS ingredients are basically safe' assumption just got a 52,000-package counter-example
Chainguard says it scanned 52,000 open-source packages used by AI-generated and 'vibe-coded' applications and concluded the long-running default — that the ingredients are safe to assume trustworthy — no longer holds. For CI/CD owners, that pushes dependency scrutiny upstream of the build.