“Implement strict monitoring and auditing practices for collaborative model development environments to prevent and quickly detect any abuse,” including model merge and conversion services.
The Ultralytics compromise (Slide 10) entered through a collaborative surface — a pull request into the build workflow. OWASP also flags model-merge and format-conversion services as places attackers stage payloads. These shared, automated pipelines are trusted by default and rarely watched.
→ Lock down CI/CD: least-privilege job tokens, no code from untrusted PRs executing in release jobs, every workflow-file change reviewed and logged
→ Log and review who merged, converted, or published which artifact
→ Alert on anomalies in build/merge services, not just in the running app
Ask: could an outside pull request cause code to run in our release pipeline? If yes — or if no one would notice — that's the Ultralytics hole, still open.