I open-sourced a little thing called mesa. It's an orchestrator, paperclip alternative — you run it on your laptop, it spawns coding agents, babysits them, wires them up to your actual work. Local dev tool. That's the whole pitch.

Within a week, two strangers opened PRs to it. One of them shipped 62,000 lines of Shopify onboarding docs, finance-team agent definitions, and a marketing ops playbook, into a Go project that has nothing to do with any of that: mesa#28. Go look. It's still open.

Nobody got hacked. They were using mesa the way it's supposed to be used — running it locally, pointing agents at their own projects. The agents had push access (of course they did, that's how agents work). And somewhere between "do the work" and "commit the work," something pushed to msoedov/mesa instead of to their own fork. I don't even think they noticed right away.

Think about what that means for a second.…