Opinion: fast AI development culture rewards speed over depth, and that gap is where production failures live
Speed Is Not a Strategy: Why Fast AI Development Is a Liability Dressed Up as a Virtue
There is a pattern I keep watching repeat itself in AI engineering, and I am tired of pretending it is not a problem. The teams shipping fastest are often the teams with the least understanding of what they have actually shipped. That gap, between working and understood, is exactly where production failures live.
This is not about junior engineers being careless. These are smart people. The gap is about depth, not skill.
The Abstraction Tax
When I started building ML systems, thin abstractions forced comprehension. You needed to know what NumPy was doing with memory, how your data pipeline moved bytes, why your training loop was slower than it should be. The cost of not knowing showed up immediately.
Now the abstractions are thick and the cost is deferred. You can assemble a working RAG pipeline in an afternoon without understanding what a single underlying library is actually doing. That productivity gain is real. I am not romanticizing the old way. But deferred costs do not disappear.
The LiteLLM Attack Is the Perfect Case Study
This week, a supply chain attack on the LiteLLM Python package made the problem viscerally concrete. LiteLLM gets roughly 97 million downloads a month. The attacker, a group called TeamPCP, did not need anyone to import the package directly or call a function. The malware fired automatically on install. SSH keys, AWS credentials, Kubernetes configs, .env files, crypto wallets, shell history, SSL private keys. All of it, gone, before a developer even opened their editor.
The attack chain got worse at every step. TeamPCP compromised Trivy first, a security scanning tool. The credentials stolen from the security tool were used to hijack LiteLLM. Then GitHub Actions, Docker Hub, npm, Open VSX. Five package ecosystems breached in roughly two weeks, each one funding the next.
The reason thousands of companies are not fully exfiltrated right now is that the attacker wrote sloppy code. The malware consumed so much RAM it crashed a developer’s machine. They investigated. They found LiteLLM had been pulled in as a dependency of a dependency of a Cursor MCP plugin they did not even know they had installed.
Andrej Karpathy called it plainly on X: every time you install any package, you are trusting every dependency in its tree, and any one of them could be poisoned.
Nobody chose this. The package arrived through a chain nobody audited.
The Companies Deploying Fastest Have the Least Visibility
This is the sentence that should stop people cold. The teams racing to ship AI agents, copilots, and internal tooling are running on hundreds of packages with dependency trees nobody has fully reviewed. Speed is the point. Understanding is overhead. That tradeoff feels fine until it absolutely is not.
I have watched this play out on smaller scales too. An engineer adds a library because it solves a problem in five minutes. Six months later, the library is abandoned, the behavior changed in a patch they did not notice, or it is pulling in something that should never be in a production environment. The five-minute win becomes a two-week incident.
What Depth Actually Buys You
Understanding your stack is not nostalgia. It is the difference between catching a problem in development and catching it after a breach.
Knowing why LiteLLM exists in your dependency graph, not just that it does, means you can ask whether it should be there. Knowing what your vector store is actually doing with embeddings means you can reason about what breaks when the model changes. Knowing which packages touch credentials means you can scope your blast radius before an attacker does it for you.
This is not about reading every line of every library. It is about maintaining a working model of your system, one level deeper than the abstraction you are using.
TeamPCP posted on Telegram that many favorite security tools and open-source projects will be targeted in the months to come. They are not done. The next attacker may write cleaner code, and there will be no crashing machine to tip anyone off.
The culture that celebrates shipping fast without asking what you shipped is not a competitive advantage. It is an attack surface.
Start treating it like one.
Sources
#AIEngineering #MachineLearning #CyberSecurity #SoftwareEngineering #MLOps
