Apply the mitigations of “A06:2021 – Vulnerable and Outdated Components,” including “vulnerability scanning, management, and patching,” and “implement a patching policy” for vulnerable or deprecated components and models.
The PickleScan bypass (Slide 12) was fixed in version 0.0.31 — but only protects teams that actually upgrade. Outdated and deprecated models carry the same risk: unmaintained components don't get fixes, so running them is accepting known holes forever.
→ Run dependency + model scanners in CI and block builds on critical findings
→ Set a patching SLA (e.g. criticals within N days) — including your security tools themselves
→ Track end-of-life for models and frameworks; plan migration off deprecated ones before they're abandoned
Check the version of every scanner and core dependency in production against its latest release. A months-old scanner is a Slide 12 waiting to happen.
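The three arrows above and the version check describe one CI gate: compare each component (scanners included) against a known-fixed version floor, a patch SLA and an end-of-life date, and fail the build on any critical finding. The script below is an added example, not code from the slides or from the PickleScan project; the component names, release dates, SLA values and EOL dates in `INVENTORY` and `POLICY` are constructed (only the `picklescan` 0.0.31 fix floor comes from the slide), and in a real pipeline they would be fed from your SBOM, model registry and advisory feed.

```python
"""CI gate for A06 in an ML pipeline: flag components below a known-fixed
version, patches that have outrun their SLA, and end-of-life models/frameworks.
Added example; inventory, dates and policy values are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


def parse_version(v: str) -> tuple:
    """Numeric dotted versions only (e.g. '0.0.31'); pre-release tags are not handled."""
    return tuple(int(part) for part in v.split("."))


@dataclass
class Component:
    name: str
    kind: str                   # "dependency", "scanner" or "model"
    installed: str
    latest: str
    latest_released: date       # release date of `latest`; starts the SLA clock
    eol: Optional[date] = None  # announced end-of-life / deprecation date, if any


@dataclass
class Policy:
    sla_days: dict              # kind -> days allowed to adopt a newer release
    min_versions: dict          # name -> lowest version without a known bypass/CVE
    eol_warning_days: int = 90  # warn this many days before a component goes EOL


def evaluate(components, policy, today):
    """Return (name, severity, reason) findings for every policy violation."""
    findings = []
    for c in components:
        inst, latest = parse_version(c.installed), parse_version(c.latest)
        floor = policy.min_versions.get(c.name)
        if floor and inst < parse_version(floor):
            # A known bypass/CVE floor is critical regardless of how new the fix is.
            findings.append((c.name, "critical", f"{c.installed} is below fixed version {floor}"))
        elif inst < latest:
            age = (today - c.latest_released).days
            sla = policy.sla_days[c.kind]
            if age > sla:
                findings.append((c.name, "critical",
                                 f"update to {c.latest} overdue by {age - sla} days (SLA {sla}d)"))
            else:
                findings.append((c.name, "warning",
                                 f"{c.latest} available, {sla - age} days left in SLA"))
        if c.eol is not None:
            if c.eol <= today:
                findings.append((c.name, "critical", f"end-of-life since {c.eol}"))
            elif (c.eol - today).days <= policy.eol_warning_days:
                findings.append((c.name, "warning", f"end-of-life on {c.eol}, plan migration"))
    return findings


def ci_gate(findings) -> bool:
    """Build passes only when no finding is critical."""
    return not any(sev == "critical" for _, sev, _ in findings)


TODAY = date(2025, 3, 1)  # constructed "build date"
POLICY = Policy(
    sla_days={"dependency": 30, "scanner": 7, "model": 60},  # constructed SLAs
    min_versions={"picklescan": "0.0.31"},                   # bypass fixed in 0.0.31 (from the slide)
)
INVENTORY = [  # constructed inventory; dates relative to TODAY
    Component("picklescan", "scanner", "0.0.30", "0.0.31", TODAY - timedelta(days=3)),
    Component("torch", "dependency", "2.4.0", "2.5.0", TODAY - timedelta(days=45)),
    Component("requests", "dependency", "2.32.3", "2.32.3", TODAY - timedelta(days=120)),
    Component("legacy-classifier-v1", "model", "1.0", "1.0", TODAY - timedelta(days=400),
              eol=date(2025, 1, 31)),
    Component("embedding-model-v2", "model", "2.1", "2.1", TODAY - timedelta(days=200),
              eol=date(2025, 5, 1)),
]

if __name__ == "__main__":
    found = evaluate(INVENTORY, POLICY, TODAY)
    for name, sev, why in found:
        print(f"[{sev.upper():8}] {name}: {why}")
    raise SystemExit(0 if ci_gate(found) else 1)
```

Two design points worth noting: the scanner gets the shortest SLA because a stale scanner silently passes what it should catch, and a component below a known-fixed version is critical even when the fix shipped yesterday, since the SLA clock is for routine updates, not for closing a published bypass.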