zlacker

1. the_ha+ (OP) 2026-02-05 17:05:10
Hmm that's actually a good reframe. You're right that awareness is way up - nobody was talking about supply chain attacks 15 years ago and now it's a whole discipline.

I think what I was getting at is more that the volume of unreviewed code is increasing faster than our ability to review it. We're more aware of the risks, but we're also running `npm install` on packages with 200 transitive dependencies and now asking AI to write whole features. The awareness went up but so did the attack surface, and I'm not sure the first is keeping pace with the second.
