North Korea's Fake Company Hack and the Chinese Model Takeover

The infrastructure AI depends on — from open-source packages that agents install automatically to the models powering Silicon Valley's products — is increasingly built, maintained, or compromised by actors outside the US. North Korean operatives built an entire fake company to compromise a JavaScript developer maintaining a widely-used package. Meanwhile, Chinese AI models are deeply embedded in US tech companies' production workflows, even as Alibaba signals a shift away from open-source. Three simultaneous regulatory battles — a First Amendment challenge to AI law in Colorado, a data center construction ban in Maine, and the first conviction under the Take It Down Act — are shaping a fragmented governance landscape. The common thread is dependency: on vulnerable maintai ...