A large number of security issues in the supply chain are found in the weeks or months after library version bumps. Simply waiting six months to update dependency versions can skip these. It allows time to pass and for the dependency changes to receive more eyeballs.

Vendoring buys and additional layer of security.

When everyone has Claude Mythos, we can self-audit our supply chain in an automated fashion.