I actually do not think that this is fundamentally much more risky than the basic type of supply chain attack that already exists in code form. You actually have a lot less exposure, because when you give people the ability to run code on your computer, it works deterministically, whereas most AIs are becoming hardened to the sort of prompt injection attack we are discussing here. To put it another way, AI prompt injection supply chain attacks are dominated by code-based ones.
I do not think it is correct to say that someone who is building something with a tool you don't like "deserves every single thing coming to [them]". That seems a little mean to me.
I do not think it is correct to say that someone who is building something with a tool you don't like "deserves every single thing coming to [them]". That seems a little mean to me.