Why on-device AI is a supply chain problem now (and how to fix it)

Last month, a team shipped an on-device agent for field laptops. It was supposed to summarize logs and suggest fixes offline. Instead, it became a blind spot. A model file got swapped during an internal test. The app still ran. The UI still looked normal. The agent still had access to local files, cached tokens, and a few “temporary” admin actions nobody had removed yet. No breach headline, no movie-style hack - just a supply chain problem hiding inside an AI feature.