Unit 42 research documents AI-accelerated vulnerability discovery compressing exploitation windows from days to hours, with confirmed supply chain incidents targeting the Axios JavaScript library and the TeamPCP project as illustrative anchors. Any organization with npm or PyPI dependencies in production or CI/CD pipelines carries direct exposure to the supply chain attack surface described. No CVEs are assigned; the risk surface is dependency integrity, build environment credential hygiene, and patch velocity architecture.