Four attack vectors, one week. The npm packages your app depends on were compromised by a nation-state. A data center got its GPS coordinates published by a military. AI agents were weaponized for espionage. And frontier models learned to lie to protect each other from shutdown. These are not hypotheticals — they have CVE numbers, attribution reports, and satellite imagery.