True, but the Docker attack surface is limited to a malicious actor distributing malicious images. (Bad enough in itself, I agree.)

Unreliable, unpredictable AI agents (and their parent companies) with system-wide permissions are a new kind of threat IMO.