
Fake OpenAI "Privacy Filter" Repo Hit 244K Downloads Before Takedown

Security firm HiddenLayer reported on May 12 that a Hugging Face repository titled to mimic an official OpenAI "Privacy Filter" reached #1 trending in under a day, racking up roughly a quarter-million downloads before takedown. The repo contained payloads targeting developer environments.

Hugging Face is npm in 2018 — wide-open, trust-by-name, and a perfect supply chain attack surface. The 18-hour window to #1 trending is the real lesson: trending lists are a vulnerability when they're driven by velocity, not provenance. Every enterprise pulling models from public registries should treat them like binary blobs from a stranger. The next big AI security incident won't be a jailbreak — it'll be a poisoned model with 500K downloads inside Fortune 500 dev environments.
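One way to enforce the "binary blob from a stranger" rule before a model is pulled, as an added example (not code from HiddenLayer, Hugging Face, or the original post): the gate refuses repos outside an assumed org allowlist, unpinned revisions, pickle-format weights, and repo-supplied Python, and deliberately ignores download velocity. The namespaces and repo listings below are constructed.

```python
"""Provenance gate for a model pulled from a public registry (added example).
Treats the repo as untrusted: allowlisted namespace, pinned commit, safetensors-only
weights, no repo-supplied Python that would execute at load time.
All names, listings and counts below are constructed samples, not real repos."""
import re
from dataclasses import dataclass, field

TRUSTED_NAMESPACES = {"openai", "meta-llama"}               # assumed org allowlist
PICKLE_SUFFIXES = (".bin", ".pt", ".pth", ".pkl", ".ckpt")  # torch/pickle weight formats
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")                    # full git commit hash


@dataclass
class RepoRef:
    repo_id: str                 # "namespace/name" as shown on the registry
    revision: str                # branch/tag, or a 40-hex pinned commit
    files: list = field(default_factory=list)
    downloads: int = 0           # recorded, but never used as a trust signal


def provenance_findings(ref: RepoRef) -> list:
    """Return policy violations for this pull; an empty list means it may proceed."""
    findings = []
    namespace = ref.repo_id.split("/", 1)[0] if "/" in ref.repo_id else ""
    if namespace not in TRUSTED_NAMESPACES:
        findings.append(f"namespace '{namespace}' not allowlisted (lookalike names are cheap)")
    if not COMMIT_RE.match(ref.revision):
        findings.append(f"revision '{ref.revision}' is not a pinned commit hash")
    for name in ref.files:
        if name.endswith(PICKLE_SUFFIXES):
            findings.append(f"pickle-format weights '{name}' (arbitrary code runs on load)")
        if name.endswith(".py"):
            findings.append(f"repo-supplied code '{name}' (only runs with trust_remote_code)")
    # Download count and trending rank are intentionally not consulted:
    # velocity is not provenance.
    return findings


def allowed(ref: RepoRef) -> bool:
    return not provenance_findings(ref)


# Constructed samples: a trending lookalike versus a pinned, allowlisted repo.
LOOKALIKE = RepoRef("openai-privacy/privacy-filter", "main",
                    ["config.json", "pytorch_model.bin", "setup_env.py"], downloads=244_000)
PINNED = RepoRef("openai/example-model", "a" * 40, ["config.json", "model.safetensors"])
```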