When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
socket.dev/blog/mini-sh...
Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.
